CVE-2021-42949

Description

The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.

Related CPE's

a digitaldruid hoteldruid 3.0.3 *******

References

https://github.com/dhammon/Security

Broken Link

https://github.com/dhammon/HotelDruid-CVE-2021-42949

Third Party Advisory

https://www.hoteldruid.com/

ProductVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io