CVE-2021-31245
- Source
- https://cve.org/CVERecord?id=CVE-2021-31245
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31245.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-31245
- Withdrawn
- 2026-05-04T08:37:44.628850Z
- Published
- 2021-05-06T13:15:12.607Z
- Modified
- 2026-05-04T08:37:44.628850Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack.
- References
-
- https://www.openmptcprouter.com/
- https://github.com/Ysurac/openmptcprouter-vps-admin
- https://github.com/Ysurac/openmptcprouter-vps-admin/commit/a01cbc8c3d3b8bb7720bf3ff234671b4c0e1859c#diff-b89ee68e63302a732d4bde35eb04a205b06f1611147e139642356f173195ab80
- https://medium.com/d3crypt/timing-attack-on-openmptcprouter-vps-admin-authentication-cve-2021-31245-12dd92303e1