CVE-2021-27935

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-27935
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27935.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-27935
Published
2021-03-03T20:15:12.437Z
Modified
2026-04-10T04:31:39.265953Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie.

References

Affected packages

Git / github.com/AdguardTeam/AdGuardHome

Affected ranges

Type
GIT
Repo
https://github.com/AdguardTeam/AdGuardHome
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1789c96c7f59fe3b94270e0a6133f8baf0aa01eb
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.105.2"
        }
    ]
}

Affected versions

v0.*
v0.1
v0.100.0
v0.100.1
v0.100.2
v0.100.3
v0.100.4
v0.100.5
v0.100.6
v0.100.7
v0.100.8
v0.100.9
v0.101.0
v0.102.0
v0.103.0
v0.103.0-beta1
v0.103.0-beta2
v0.103.0-beta3
v0.103.1
v0.103.2
v0.103.3
v0.104.0
v0.104.0-beta1
v0.104.0-beta2
v0.104.0-beta3
v0.104.1
v0.105.0
v0.105.0-beta.3
v0.105.0-beta.4
v0.105.0-beta.5
v0.105.1
v0.105.1-beta.1
v0.9
v0.9-hotfix1
v0.91
v0.92
v0.92-hotfix1
v0.92-hotfix2
v0.93
v0.95
v0.95-hotfix
v0.96
v0.96-hotfix
v0.97.0
v0.97.1
v0.98.0
v0.98.1
v0.99.0
v0.99.1
v0.99.2
v0.99.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27935.json"