CVE-2021-43332

Related Vulnerabilities: CVE-2021-43332  

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

Description

The MITRE CVE dictionary describes this issue as:

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
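
The defensive point behind this CVE is that a CSRF token seen by a moderator must not carry anything derived from the admin password, since that turns the token into an offline-verifiable oracle for password guesses. The following added illustration (not Mailman's code and not the 2.1.36 fix itself; `SITE_CSRF_SECRET`, `issue_token` and `verify_token` are hypothetical names) keys the token's MAC with a per-installation random secret and binds it to list, role and issue time instead, so the token reveals nothing about any credential:

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Hypothetical per-installation secret, generated once at install time and
# kept server-side. It replaces any password-derived key: brute-forcing a
# 256-bit random value offline is infeasible, and a token issued to a
# moderator is independent of the list admin password entirely.
SITE_CSRF_SECRET = os.urandom(32)
TOKEN_TTL = 3600  # seconds a token stays valid


def issue_token(listname: str, role: str, now: Optional[int] = None) -> str:
    """Return 'role:issued:mac', bound to the list, the role and issue time."""
    issued = int(time.time()) if now is None else now
    msg = f"{listname}\0{role}\0{issued}".encode()
    mac = hmac.new(SITE_CSRF_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{role}:{issued}:{mac}"


def verify_token(token: str, listname: str, role: str,
                 now: Optional[int] = None) -> bool:
    """Accept only an unexpired token for this list and this role."""
    try:
        tok_role, issued_s, _mac = token.split(":")
        issued = int(issued_s)
    except ValueError:
        return False
    if tok_role != role:
        return False  # a moderator token must not pass an admin check
    current = int(time.time()) if now is None else now
    if not 0 <= current - issued <= TOKEN_TTL:
        return False
    # Recompute the whole token and compare in constant time.
    expected = issue_token(listname, role, now=issued)
    return hmac.compare_digest(expected, token)
```

Because the secret never leaves the server and no password material enters the MAC input, a moderator who captures their own admindb token has nothing to run a dictionary attack against, which is the CWE-307 exposure the advisory describes.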

Additional Information

  • Bugzilla 2027225: CVE-2021-43332 mailman: a list moderator can crack the list admin password encrypted in a CSRF token
  • CWE-307: Improper Restriction of Excessive Authentication Attempts
  • FAQ: Frequently asked questions about CVE-2021-43332