PT-2021-19214 · Unknown · Openmptcprouter-Vps-Admin

Published 2021-05-06 · Updated 2021-05-13 · CVE-2021-31245

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

openmptcprouter-vps-admin versions 0.57.3 and earlier

Description

The issue allows remote attackers to guess the password via a timing attack because the password comparison is done in a length-dependent manner. This means that the time it takes to compare the user-provided password with the original password can give away information about the length of the correct password, making it easier for attackers to guess it.

Recommendations

For openmptcprouter-vps-admin versions 0.57.3 and earlier, consider updating to a newer version that fixes this issue, as the current version allows for a timing attack due to the length-dependent password comparison. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
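
The length-dependent comparison described above, shown next to a fixed-length constant-time form. This is an added example, not code from openmptcprouter-vps-admin; the function names, `STORED` and `KEY` are hypothetical, and `naive_equal` counts bytes examined as a deterministic stand-in for elapsed time.

```python
from __future__ import annotations

import hashlib
import hmac

STORED = "s3cr3t-pw"                  # constructed sample password
KEY = b"constructed-per-process-key"  # constructed; use random bytes in practice


def naive_equal(supplied: str, stored: str) -> tuple[bool, int]:
    """Early-exit comparison. Returns (match, bytes_examined).

    bytes_examined is a deterministic stand-in for elapsed time.
    """
    a, b = supplied.encode(), stored.encode()
    if len(a) != len(b):      # wrong length: returns before any byte is read
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:            # stops at the first differing byte
            return False, examined
    return True, examined


def work_profile(stored: str, guesses: list[str]) -> list[int]:
    """Bytes examined per guess: the signal a timing measurement would expose."""
    return [naive_equal(g, stored)[1] for g in guesses]


def constant_time_equal(supplied: str, stored: str, key: bytes = KEY) -> bool:
    """Compare fixed-length keyed digests with hmac.compare_digest.

    Both inputs become 32-byte HMAC-SHA256 values, so the comparison always
    covers the same number of bytes whatever the stored password's length.
    """
    da = hmac.new(key, supplied.encode(), hashlib.sha256).digest()
    db = hmac.new(key, stored.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(da, db)


if __name__ == "__main__":
    print(work_profile(STORED, ["short", "x3cr3t-pw", "s3cX3t-pw", "s3cr3t-pX"]))
    print(constant_time_equal("s3cr3t-pw", STORED), constant_time_equal("short", STORED))
```

Calling `hmac.compare_digest` directly on inputs of different lengths can still reveal length, which is why both sides are reduced to fixed-size digests first.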

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2021-31245

Affected Products

Openmptcprouter-Vps-Admin