CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43298

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 5.0

References

Products affected by CVE-2021-43298

Embedthis » Goahead » Version: N/A

cpe:2.3:a:embedthis:goahead:-
Embedthis » Goahead » Version: 2.1.5

cpe:2.3:a:embedthis:goahead:2.1.5
Embedthis » Goahead » Version: 2.1.8

cpe:2.3:a:embedthis:goahead:2.1.8
Embedthis » Goahead » Version: 2.5.0

cpe:2.3:a:embedthis:goahead:2.5.0
Embedthis » Goahead » Version: 3.0.0

cpe:2.3:a:embedthis:goahead:3.0.0
Embedthis » Goahead » Version: 3.1.0

cpe:2.3:a:embedthis:goahead:3.1.0
Embedthis » Goahead » Version: 3.1.1

cpe:2.3:a:embedthis:goahead:3.1.1
Embedthis » Goahead » Version: 3.1.2

cpe:2.3:a:embedthis:goahead:3.1.2
Embedthis » Goahead » Version: 3.1.3

cpe:2.3:a:embedthis:goahead:3.1.3
Embedthis » Goahead » Version: 3.3.0

cpe:2.3:a:embedthis:goahead:3.3.0
Embedthis » Goahead » Version: 3.3.1

cpe:2.3:a:embedthis:goahead:3.3.1
Embedthis » Goahead » Version: 3.3.2

cpe:2.3:a:embedthis:goahead:3.3.2
Embedthis » Goahead » Version: 3.3.3

cpe:2.3:a:embedthis:goahead:3.3.3
Embedthis » Goahead » Version: 3.3.4

cpe:2.3:a:embedthis:goahead:3.3.4
Embedthis » Goahead » Version: 3.3.5

cpe:2.3:a:embedthis:goahead:3.3.5
Embedthis » Goahead » Version: 3.3.6

cpe:2.3:a:embedthis:goahead:3.3.6
Embedthis » Goahead » Version: 3.4.0

cpe:2.3:a:embedthis:goahead:3.4.0
Embedthis » Goahead » Version: 3.4.1

cpe:2.3:a:embedthis:goahead:3.4.1
Embedthis » Goahead » Version: 3.4.10

cpe:2.3:a:embedthis:goahead:3.4.10
Embedthis » Goahead » Version: 3.4.11

cpe:2.3:a:embedthis:goahead:3.4.11
Embedthis » Goahead » Version: 3.4.12

cpe:2.3:a:embedthis:goahead:3.4.12
Embedthis » Goahead » Version: 3.4.2

cpe:2.3:a:embedthis:goahead:3.4.2
Embedthis » Goahead » Version: 3.4.3

cpe:2.3:a:embedthis:goahead:3.4.3
Embedthis » Goahead » Version: 3.4.4

cpe:2.3:a:embedthis:goahead:3.4.4
Embedthis » Goahead » Version: 3.4.5

cpe:2.3:a:embedthis:goahead:3.4.5
Embedthis » Goahead » Version: 3.4.6

cpe:2.3:a:embedthis:goahead:3.4.6
Embedthis » Goahead » Version: 3.4.7

cpe:2.3:a:embedthis:goahead:3.4.7
Embedthis » Goahead » Version: 3.4.8

cpe:2.3:a:embedthis:goahead:3.4.8
Embedthis » Goahead » Version: 3.4.9

cpe:2.3:a:embedthis:goahead:3.4.9
Embedthis » Goahead » Version: 3.5.0

cpe:2.3:a:embedthis:goahead:3.5.0
Embedthis » Goahead » Version: 3.6.0

cpe:2.3:a:embedthis:goahead:3.6.0
Embedthis » Goahead » Version: 3.6.1

cpe:2.3:a:embedthis:goahead:3.6.1
Embedthis » Goahead » Version: 3.6.2

cpe:2.3:a:embedthis:goahead:3.6.2
Embedthis » Goahead » Version: 3.6.3

cpe:2.3:a:embedthis:goahead:3.6.3
Embedthis » Goahead » Version: 3.6.4

cpe:2.3:a:embedthis:goahead:3.6.4
Embedthis » Goahead » Version: 3.6.5

cpe:2.3:a:embedthis:goahead:3.6.5
Embedthis » Goahead » Version: 4.0.0

cpe:2.3:a:embedthis:goahead:4.0.0
Embedthis » Goahead » Version: 4.0.1

cpe:2.3:a:embedthis:goahead:4.0.1
Embedthis » Goahead » Version: 4.0.2

cpe:2.3:a:embedthis:goahead:4.0.2
Embedthis » Goahead » Version: 4.1.0

cpe:2.3:a:embedthis:goahead:4.1.0
Embedthis » Goahead » Version: 4.1.1

cpe:2.3:a:embedthis:goahead:4.1.1
Embedthis » Goahead » Version: 4.1.2

cpe:2.3:a:embedthis:goahead:4.1.2
Embedthis » Goahead » Version: 4.1.3

cpe:2.3:a:embedthis:goahead:4.1.3
Embedthis » Goahead » Version: 5.0.0

cpe:2.3:a:embedthis:goahead:5.0.0
Embedthis » Goahead » Version: 5.0.1

cpe:2.3:a:embedthis:goahead:5.0.1
Embedthis » Goahead » Version: 5.1.0

cpe:2.3:a:embedthis:goahead:5.1.0
Embedthis » Goahead » Version: 5.1.2

cpe:2.3:a:embedthis:goahead:5.1.2
Embedthis » Goahead » Version: 5.1.3

cpe:2.3:a:embedthis:goahead:5.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43298

Products

Pricing

Contact Us