View Issue Details

ID: 0000117
Project: AlmaLinux-8
Category: lynx
View Status: public
Last Update: 2021-12-13 14:14
Reporter: moredaylight
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Summary: 0000117: CVE-2021-38165: Lynx through 2.8.9 can expose credentials via SNI
Description: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
Steps To Reproduce:
If you have an HTTPS server listening on localhost, this is pretty easy to reproduce.

Use tcpdump or wireshark to watch traffic.
tcpdump -vvA -i lo port 443

Attempt to connect to localhost passing credentials in the URL.
lynx https://user:[email protected]/

You will see "user:[email protected]" in the plaintext of the tcpdump output.
Tags: No tags attached.

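The defect the reporter reproduces above is a URI parsing error: the whole authority (user:pass@host) is handed to the TLS layer as the server name, so the credentials ride in the cleartext ClientHello. The following is an added example, not Lynx's code and not part of this issue; it contrasts the defective host extraction with the RFC 3986 one, builds a minimal TLS ClientHello around each result, and provides a check that flags a ClientHello whose SNI contains userinfo. The URL https://user:pass@localhost/ and the ClientHello bytes are constructed for the example.

```python
import struct
from urllib.parse import urlsplit

# Constructed sample URL for the example (not the one from the report).
SAMPLE_URL = "https://user:pass@localhost/"


def naive_server_name(url: str) -> str:
    """Mimics the defect: takes the whole authority (minus a numeric port)
    as the TLS server name, so a user:pass@ prefix ends up in the SNI."""
    authority = url.split("//", 1)[1].split("/", 1)[0]
    host, sep, port = authority.rpartition(":")
    if sep and port.isdigit():
        return host
    return authority


def rfc3986_server_name(url: str) -> str:
    """Correct behaviour: only the host subcomponent, with userinfo and port
    stripped, is what belongs in the SNI extension."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("URL has no host component")
    return host


def build_client_hello(server_name: str) -> bytes:
    """Builds a minimal TLS record carrying a ClientHello whose only
    extension is server_name (type 0). Random is zeroed; constructed data."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name type
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    body = (
        b"\x03\x03" + b"\x00" * 32          # client_version, random
        + b"\x00"                           # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"  # one cipher suite
        + b"\x01\x00"                       # compression methods: null
        + struct.pack("!H", len(ext)) + ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Walks a TLS handshake record and returns the SNI host_name, or None.
    This is what a capture tool sees in the clear before any encryption."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None
    pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                # session_id
    cs_len = struct.unpack_from("!H", record, pos)[0]
    pos += 2 + cs_len                     # cipher_suites
    pos += 1 + record[pos]                # compression_methods
    ext_len = struct.unpack_from("!H", record, pos)[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        pos += 4
        if etype == 0x0000:
            entry = record[pos + 2:pos + elen]   # skip server_name_list length
            if entry and entry[0] == 0:
                nlen = struct.unpack_from("!H", entry, 1)[0]
                return entry[3:3 + nlen].decode("ascii", "replace")
        pos += elen
    return None


def leaks_userinfo(record: bytes) -> bool:
    """True if the ClientHello's SNI contains an '@', i.e. userinfo leaked."""
    name = extract_sni(record)
    return name is not None and "@" in name


if __name__ == "__main__":
    for label, fn in (("defective", naive_server_name), ("rfc3986", rfc3986_server_name)):
        hello = build_client_hello(fn(SAMPLE_URL))
        print(f"{label:9} SNI={extract_sni(hello)!r} leaks={leaks_userinfo(hello)}")
```

The leaks_userinfo() check is the same test the reporter performs by eye on the tcpdump output; applied to ClientHello records pulled from a capture, it flags any client that still ships the userinfo in the SNI.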
2021-12-13 03:59

reporter   ~0000445

This is something to be reported and fixed upstream.


2021-12-13 14:14

administrator   ~0000451

RHEL8 is not listed for some reason.

Issue History

Date Modified Username Field Change
2021-08-12 16:49 moredaylight New Issue
2021-12-13 03:59 akdev Note Added: 0000445
2021-12-13 14:14 alukoshko Note Added: 0000451