View Issue Details

IDProjectCategoryView StatusLast Update
0000117AlmaLinux-8lynxpublic2021-08-12 16:49
Reportermoredaylight Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0000117: CVE-2021-38165: Lynx through 2.8.9 can expose credentials via SNI
Descriptionhttps://nvd.nist.gov/vuln/detail/CVE-2021-38165
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

https://www.openwall.com/lists/oss-security/2021/08/07/1
Steps To ReproduceIf you have an HTTPS server listening on localhost, this is pretty easy to reproduce.

Use tcpdump or wireshark to watch traffic.
tcpdump -vvA -i lo port 443

Attempt to connect to localhost passing credentials in the URL.
lynx https://user:[email protected]/

You will see "user:[email protected]" in the plaintext of the tcpdump output.
TagsNo tags attached.
abrt_hash
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2021-08-12 16:49 moredaylight New Issue