How severe is CVE-2021-3784?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2021-3784?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2021-3784 - HIGH Severity | CVSS 7

Vulnerability Description

Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.

Related Vulnerabilities

CVE-2017-3765

HIGH

CVSS:7.0(High)

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in...

CWE-2872017

CVE-2018-0886

HIGH

CVSS:7.0(High)

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1...

CWE-2872018

CVE-2018-13435

HIGH

CVSS:7.0(High)

An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode...

CWE-2872018

CVE-2018-13446

HIGH

CVSS:7.0(High)

An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value ...

CWE-2872018

CVE-2018-6686

HIGH

CVSS:7.0(High)

Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circu...

CWE-2872018

CVE-2018-6689

HIGH

CVSS:7.0(High)

Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection v...

CWE-2872018