Lucene search
GoogleOSV:GHSA-45GQ-Q4XH-CP53HistoryJan 30, 2024 - 8:56 p.m.
vantage6 vulnerable to username timing attack
2024-01-3020:56:48
Google
osv.dev
6
vantage6
timing attack
username
vulnerability
security
credential
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
17.0%
Impact
It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks
Workarounds
No
Related
osv
osv
CVE-2024-24770
2024-03-14 19:15:49
CVE-2024-21671
2024-01-30 16:15:48
cve
cve
CVE-2024-24770
2024-03-14 19:15:49
CVE-2024-21671
2024-01-30 16:15:48
veracode
veracode
User Enumeration
2024-01-31 07:01:13
Username Enumeration
2024-03-18 08:15:06
vulnrichment
vulnrichment
cvelist
cvelist
CVE-2024-21671 vantage6 username timing attack
2024-01-30 15:43:06
cnvd
cnvd
Unspecified vulnerability in vantage6 (CNVD-2024-07864)
2024-02-04 00:00:00
prion
prion
Security feature bypass
2024-01-30 16:15:00
nvd
nvd
CVE-2024-24770
2024-03-14 19:15:49
CVE-2024-21671
2024-01-30 16:15:48
github
github
vantage6 vulnerable to username timing attack
2024-01-30 20:56:48
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
17.0%
Related for OSV:GHSA-45GQ-Q4XH-CP53