CVE-2021-27514

Critical

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication…

mitre·CWE-307·Published 2021-02-21

CVSS

9.8

EPSS

0.04

KEV

Exploits

cve.orgen

188 chars

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).

NVDen

188 chars

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).

EyesOfNetwork versión 5.3-10, usa un número entero de entre 8 y 10 dígitos para el ID de sesión, que podría ser aprovechado para omitir una autenticación de fuerza bruta (como en la explotación del CVE-2021-27513)

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H