CVE-2021-31245

Published: May 6, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Ysurac/openmptcprouter-vps-admin

x_refsource_MISC

https://www.openmptcprouter.com/

x_refsource_MISC

https://medium.com/d3crypt/timing-attack-on-openmptcprouter-vps-admin-authentication-cve-2021-31245-12dd92303e1

x_refsource_MISC

https://github.com/Ysurac/openmptcprouter-vps-admin/commit/a01cbc8c3d3b8bb7720bf3ff234671b4c0e1859c#diff-b89ee68e63302a732d4bde35eb04a205b06f1611147e139642356f173195ab80

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-31245

Description

Affected Products

References