Design/Logic Flaw

2021-05-0613:15:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

JSON

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack.

CPENameOperatorVersion
openmptcprouterle0.57.3

CPE	Name	Operator	Version
	openmptcprouter	le	0.57.3

References

github.com/Ysurac/openmptcprouter-vps-admin

github.com/Ysurac/openmptcprouter-vps-admin/commit/a01cbc8c3d3b8bb7720bf3ff234671b4c0e1859c

medium.com/d3crypt/timing-attack-on-openmptcprouter-vps-admin-authentication-cve-2021-31245-12dd92303e1

www.openmptcprouter.com/