Lucene search
Ubuntu.comUB:CVE-2021-42949HistorySep 16, 2022 - 12:00 a.m.
CVE-2021-42949
2022-09-1600:00:00
ubuntu.com
ubuntu.com
20
hoteldruid software
session token
vulnerability
authentication bypass
bruteforce
unix
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
68.7%
The component controlla_login function in HotelDruid Hotel Management
Software v3.0.3 generates a predictable session token, allowing attackers
to bypass authentication via bruteforce attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | hoteldruid | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | hoteldruid | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | hoteldruid | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | hoteldruid | < any | UNKNOWN |
Related
veracode
veracode
Insecure Token
2022-04-27 13:56:02
cvelist
cvelist
CVE-2021-42949
2022-09-16 14:45:36
githubexploit
githubexploit
Exploit for CVE-2021-42949
2022-02-19 21:02:42
cve
cve
CVE-2021-42949
2022-09-16 15:15:09
nvd
nvd
CVE-2021-42949
2022-09-16 15:15:09
prion
prion
Authentication flaw
2022-09-16 15:15:00
debiancve
debiancve
CVE-2021-42949
2022-09-16 15:15:09
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
68.7%
Related for UB:CVE-2021-42949