View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000117||AlmaLinux-8||lynx||public||2021-08-12 16:49||2021-12-13 14:14|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Summary||0000117: CVE-2021-38165: Lynx through 2.8.9 can expose credentials via SNI|
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
|Steps To Reproduce||If you have an HTTPS server listening on localhost, this is pretty easy to reproduce.|
Use tcpdump or wireshark to watch traffic.
tcpdump -vvA -i lo port 443
Attempt to connect to localhost passing credentials in the URL.
lynx https://user:[email protected]/
You will see "user:[email protected]" in the plaintext of the tcpdump output.
|Tags||No tags attached.|
||this is something to be reported and fixed upstream|
RHEL8 is not listed for some reason.