Incorrect Implementation of Authentication Algorithm

CVE-2021-21902

High

8.1/10

Summary

An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-303 - Incorrect Implementation of Authentication Algorithm

The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

References

Advisory Timeline

Published Dec 22, 2021

Incorrect Implementation of Authentication Algorithm

CVE-2021-21902

Summary

CWE-303 - Incorrect Implementation of Authentication Algorithm

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS