PT-2021-4058 · Lua+2

Andre Bianchi · Published 2021-05-02 · Updated 2024-12-08 · CVE-2021-32921

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Prosody versions prior to 0.11.9
Description: An issue in Prosody allows an attacker to potentially reveal the contents of secret strings through a timing attack. This is due to the use of a non-constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. The vulnerability can be exploited by a remote attacker to gain access to confidential data.
Recommendations: For versions prior to 0.11.9, update to version 0.11.9 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update can be applied.
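The weakness class named in the description, shown as an added Lua example that is not Prosody's code or its fix: an early-exit comparison next to a full-scan one, with a step counter standing in for elapsed time. The function names and the sample secret are constructed for illustration.

```lua
-- Added illustration (constructed; not Prosody source). Runs on Lua 5.2+.

-- Early-exit comparison: stops at the first mismatching byte, so the amount
-- of work depends on how long a prefix of the guess matches the secret.
local function leaky_equals(secret, guess)
  local steps = 0
  if #secret ~= #guess then return false, steps end
  for i = 1, #secret do
    steps = steps + 1
    if secret:byte(i) ~= guess:byte(i) then return false, steps end
  end
  return true, steps
end

-- Full-scan comparison: always walks every byte and folds the differences
-- into one accumulator, with no branch on secret data inside the loop.
-- The length check still returns early, so only the length is revealed.
-- An interpreter gives no hard timing guarantee; treat this as a model of
-- the idea and use a vetted constant-time primitive in production code.
local function full_scan_equals(secret, guess)
  local steps = 0
  if #secret ~= #guess then return false, steps end
  local diff = 0
  for i = 1, #secret do
    steps = steps + 1
    diff = diff + math.abs(secret:byte(i) - guess:byte(i))
  end
  return diff == 0, steps
end

local secret = "s3cr3t-token-0001" -- constructed sample value
local guesses = {
  "x3cr3t-token-0001", -- differs at the first byte
  "s3cr3t-tokex-0001", -- differs near the middle
  "s3cr3t-token-0001", -- exact match
}

-- Columns: guess, leaky result, leaky steps, full-scan result, full-scan steps
for _, g in ipairs(guesses) do
  local ok1, n1 = leaky_equals(secret, g)
  local ok2, n2 = full_scan_equals(secret, g)
  print(g, ok1, n1, ok2, n2)
end
```

The step count of the early-exit version varies with the guess, while the full-scan version reports the same count for every guess of the right length.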

Fix

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1808
ALT-PU-2021-2611
ALT-PU-2024-16554
BDU:2021-04586
CVE-2021-32921
DLA-2687-1
DLA-2687-2
DSA-4916-1
DSA-4916-2

Affected Products

Alt Linux
Lua
Prosody