CVE-2021-42096
mailman: CSRF token derived from admin password allows offline brute-force attack
- Severity Score
- Exploit Likelihood
- Affected Versions
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Sensitive information is exposed to unprivileged users in mailman. The hash of the list admin password is used to derive the CSRF (Cross-site Request Forgery) token, which is exposed to unprivileged members of a list. Malicious members may use the CSRF token to perform an offline brute-force attack to retrieve the list admin password.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-10-07 CVE Reserved
- 2021-10-21 CVE Published
- 2024-01-12 EPSS Updated
- 2024-08-04 CVE Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
References (6)
URL | Tag | Date |
---|---|---|
https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2021/10/21/4 | | 2023-11-07 |
https://bugs.launchpad.net/mailman/+bug/1947639 | | 2023-11-07 |
https://www.debian.org/security/2021/dsa-4991 | | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2021-42096 | | 2021-11-24 |
https://bugzilla.redhat.com/show_bug.cgi?id=2020575 | | 2021-11-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Gnu | Mailman | < 2.1.35 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |