How severe is CVE-2021-43298?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-43298?

This is classified as CWE-208, which is a common weakness in software security.

CVE-2021-43298

CRITICAL Year: 2021

CVSS v3 Score

9.8

Critical

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-208

View all →

Vulnerability Description

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response.

CVE-2021-21575

CRITICAL

CVSS:9.8(Critical)

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

CWE-2082021

CVE-2023-41313

CRITICAL

CVSS:9.8(Critical)

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.

CWE-2082023

CVE-2024-42512

HIGH

CVSS:8.6(High)

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.

CWE-2082024

CVE-2023-25529

HIGH

CVSS:8.1(High)

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepanci...

CWE-2082023