silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

2024-05-2721:45:27

GitHub Advisory Database

github.com

vulnerable

user enumeration

timing attack

password reset

AI Score

7.3

Confidence

Low

User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials.

Affected configurations

Vulners

Node

silverstripeframeworkRange3.6.0-rc1–3.6.2

silverstripeframeworkRange3.5.0-rc1–3.5.5

VendorProductVersionCPE
silverstripeframework*cpe:2.3:a:silverstripe:framework:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
silverstripe	framework	*	cpe:2.3:a:silverstripe:framework::::::::

github.com/advisories/GHSA-7m2v-x7rg-5hm5

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/framework/SS-2017-005-1.yaml

github.com/silverstripe/silverstripe-framework/commit/f0262a8fd9ab5fb51b178ace3c3487351217f5a0

www.silverstripe.org/download/security-releases/ss-2017-005

AI Score

7.3

Confidence

Low