CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile: 28.1%
github.com/schollz/croc is vulnerable to Sensitive Information Exposure. The vulnerability is due to the way croc uses the leading three characters of a shared secret to select a common “room name”. When custom shared secrets are used, the leading three characters might give away information about the rest of the shared secret. An attacker can exploit this flaw to guess the entire shared secret, enabling them to eavesdrop on communications.
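The leak described above, shown as an added Go example (not croc's code and not its fix): `weakRoom` derives the room name from the secret's first three characters, while `randomRoom` shows the alternative of a room name that is independent of the secret. The helper names `randomRoom` and `stillPossible` and the sample secrets are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// weakRoom mirrors the behaviour described above: the room name sent to the
// relay is the leading three characters of the shared secret.
func weakRoom(secret string) string {
	if len(secret) < 3 {
		return secret
	}
	return secret[:3]
}

// randomRoom (hypothetical helper) draws an n-character room name from
// crypto/rand, so it carries no information about the secret.
func randomRoom(n int) (string, error) {
	const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
	out := make([]byte, n)
	for i := range out {
		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

// stillPossible counts the candidate secrets that remain consistent with an
// observed room name when rooms are derived with weakRoom.
func stillPossible(candidates []string, room string) int {
	n := 0
	for _, c := range candidates {
		if weakRoom(c) == room {
			n++
		}
	}
	return n
}

func main() {
	// Constructed sample: custom secrets a user might choose by hand.
	candidates := []string{"summer-picnic-2024", "sunday-backup", "winter-report", "payroll-q3"}
	fmt.Println(weakRoom(candidates[0]), stillPossible(candidates, "sum"))
	room, _ := randomRoom(6)
	fmt.Println(room) // unrelated to every candidate secret
}
```

With the weak derivation, anyone who sees the room name can discard every candidate secret that does not start with it; a randomly drawn room name leaves the full candidate set untouched.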