Thorsten

**Name of the Vulnerable Software and Affected Versions** Lynx versions 2.8.9 and earlier **Description** The issue is related to the mishandling of the userinfo subcomponent of a URI, allowing remote attackers to discover cleartext credentials because they may appear in SNI data or HTTP headers. This can enable a remote attacker to access confidential data. **Recommendations** For versions 2.8.9 and earlier, update to a version that fixes the userinfo subcomponent handling issue to prevent cleartext credentials from being exposed in SNI data or HTTP headers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.