222 matches found
CVE-2024-54772
Summary: MikroTik RouterOS Winbox exposes a username-enumeration flaw due to a timing/response-size discrepancy. Affected: long-term 6.43.13–6.49.13 and stable 6.43–7.17.2; patch available in stable 6.49.18 (and upgrade to 7.18+). Practical impact: enables attackers to enumerate valid accounts. R...
ROS-20241211-10
Vulnerability of GnuTLS transport layer cryptographic library is related to difference of response time when processing RSA ciphertext in ClientKeyExchange message with correct and incorrect addition of PKCS1. PKCS1 padding. Exploitation of the vulnerability may allow a remote intruder to gain...
Timing Attack
mudler/LocalAI is vulnerable to Timing Attack. The vulnerability is due to a side-channel attack that exploits variations in response time during cryptographic operations, potentially exposing valid login credentials...
CVE-2024-7010
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...
Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)
Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in...
Username Enumeration Attack
ethycafides is vulnerable to Username Enumeration Attack. The vulnerability is due to discrepancies in response times between valid and invalid usernames, which allow attackers to infer valid usernames based on the timing of server responses...
CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability
Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...
CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability
Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...
CVE-2024-45052
Affected software : Fides Webserver authentication (part of the Fides platform). Vulnerability : timing-based username enumeration where an unauthenticated attacker can deduce valid usernames by measuring login response times. Root cause / mechanics : observable timing discrepancy between respons...
PT-2024-31404
Name of the Vulnerable Software and Affected Versions Fides versions prior to 2.44.0 Description A timing-based username enumeration vulnerability exists in Fides Webserver authentication, allowing an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...
Outlook Web App (OWA) Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA Brute Force Utility', 'Description' = %q This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers. ,...
ROS-20240816-01
A vulnerability in the Portainer container management platform is related to a difference in authentication user authentication response time. Exploitation of the vulnerability could allow an attacker acting remotely to determine whether a username is valid or invalid. remotely, whether the...
eduAuthorities 1.0 SQL Injection
Titles: eduAuthorities-1.0 Multiple-SQLi Author: nu11secur1ty Date: 07/29/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html Reference: https://portswigger.net/web-security/sql-injection Description: The...
CVE-2024-29296
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not...
PT-2024-5801 · Unknown +1 · Portainer Ce +1
Name of the Vulnerable Software and Affected Versions: Portainer CE version 2.19.4 Description: A user enumeration issue is present in the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This...
CVE-2024-29296
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not...
User Enumeration
Liferay Portal is vulnerable to a User Enumeration. The vulnerability is due to differences in response times of requests, allowing remote attackers to determine the existence of an account in the application...
vantage6 vulnerable to a username timing attack on recover password/MFA token
Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...
GHSA-5H3X-6GWF-73JM vantage6 vulnerable to a username timing attack on recover password/MFA token
Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...
BIT-TYPO3-2022-36105
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...