View Issue Details

IDProjectCategoryView StatusLast Update
0000117AlmaLinux-8lynxpublic2021-12-13 14:14
Reportermoredaylight Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0000117: CVE-2021-38165: Lynx through 2.8.9 can expose credentials via SNI
Descriptionhttps://nvd.nist.gov/vuln/detail/CVE-2021-38165
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

https://www.openwall.com/lists/oss-security/2021/08/07/1
Steps To ReproduceIf you have an HTTPS server listening on localhost, this is pretty easy to reproduce.

Use tcpdump or wireshark to watch traffic.
tcpdump -vvA -i lo port 443

Attempt to connect to localhost passing credentials in the URL.
lynx https://user:[email protected]/

You will see "user:[email protected]" in the plaintext of the tcpdump output.
TagsNo tags attached.
abrt_hash
URL

Activities

akdev

2021-12-13 03:59

reporter   ~0000445

this is something to be reported and fixed upstream

alukoshko

2021-12-13 14:14

developer   ~0000451

RHEL8 is not listed for some reason.
https://access.redhat.com/security/cve/cve-2021-38165

Issue History

Date Modified Username Field Change
2021-08-12 16:49 moredaylight New Issue
2021-12-13 03:59 akdev Note Added: 0000445
2021-12-13 14:14 alukoshko Note Added: 0000451