CVE-2021-38165

Medium

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because…

mitre·CWE-522·Published 2021-08-07

CVSS

5.3

EPSS

0.04

KEV

Exploits

cve.orgen

166 chars

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

NVDen

166 chars

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

NVDes

240 chars

HTParse en Lynx versiones hasta 2.8.9, maneja inapropiadamente el subcomponente userinfo de un URI, que permite a atacantes remotos descubrir credenciales en texto sin cifrar porque pueden aparecer en los datos SNI o en los encabezados HTTP

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N