VYPR
Unrated severity · NVD Advisory · Published Dec 15, 2021 · Updated Aug 4, 2024

CVE-2021-42216

Description

A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AnonAddy 0.8.5 uses a broken cryptographic algorithm in VerificationController.php, allowing attackers to bypass email verification.

Vulnerability

CVE-2021-42216 is a broken or risky cryptographic algorithm vulnerability in AnonAddy version 0.8.5, specifically in the VerificationController.php file [1][2]. The affected code path is within the email verification mechanism, where the cryptographic implementation is flawed, potentially allowing the generation of valid verification tokens without proper signing [2].

Exploitation

An attacker can exploit this vulnerability by crafting verification tokens, or by bypassing them, because of the weak cryptographic algorithm [2]. No authentication is required, as the attack targets the verification process itself. The exact sequence involves intercepting or forging a verification request to the vulnerable endpoint [3].

Impact

Successful exploitation enables an attacker to bypass the email verification step for new accounts [1]. This could lead to unauthorized creation of accounts without a valid email address, potentially facilitating spam or phishing campaigns using the AnonAddy service [3].

Mitigation

No fixed version has been disclosed in the available references [1][2]. Users are advised to monitor the vendor's official repository for updates and to consider applying security patches if they become available [1]. As of the publication date, no workaround has been provided.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • AnonAddy/VerificationController.php (source: description)
  • AnonAddy/anonaddy (source: llm-create)
    Range: <=0.8.5

Patches

0

No patches discovered yet.

References

3
