Lucene search
+L

222 matches found

CVE
CVE
added 2025/02/11 12:0 a.m.208 views

CVE-2024-54772

Summary: MikroTik RouterOS Winbox exposes a username-enumeration flaw due to a timing/response-size discrepancy. Affected: long-term 6.43.13–6.49.13 and stable 6.43–7.17.2; patch available in stable 6.49.18 (and upgrade to 7.18+). Practical impact: enables attackers to enumerate valid accounts. R...

5.4CVSS5.4AI score0.00763EPSS
Exploits2References1Affected Software1
Redos
Redos
added 2024/12/11 12:0 a.m.13 views

ROS-20241211-10

Vulnerability of GnuTLS transport layer cryptographic library is related to difference of response time when processing RSA ciphertext in ClientKeyExchange message with correct and incorrect addition of PKCS1. PKCS1 padding. Exploitation of the vulnerability may allow a remote intruder to gain...

7.5CVSS7.1AI score0.01614EPSS
Exploits1
Veracode
Veracode
added 2024/11/19 6:34 a.m.11 views

Timing Attack

mudler/LocalAI is vulnerable to Timing Attack. The vulnerability is due to a side-channel attack that exploits variations in response time during cryptographic operations, potentially exposing valid login credentials...

7.5CVSS6.7AI score0.00533EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/10/29 1:15 p.m.22 views

CVE-2024-7010

mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...

7.5CVSS0.00533EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 3:19 p.m.20 views

Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in...

7.3CVSS7.7AI score0.01249EPSS
Exploits1Affected Software1
Veracode
Veracode
added 2024/09/06 3:3 a.m.13 views

Username Enumeration Attack

ethycafides is vulnerable to Username Enumeration Attack. The vulnerability is due to discrepancies in response times between valid and invalid usernames, which allow attackers to infer valid usernames based on the timing of server responses...

5.3CVSS6.7AI score0.00552EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/04 3:43 p.m.15 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS7.2AI score0.00552EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/09/04 3:43 p.m.51 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS0.00552EPSS
Exploits1References2
CVE
CVE
added 2024/09/04 3:43 p.m.61 views

CVE-2024-45052

Affected software : Fides Webserver authentication (part of the Fides platform). Vulnerability : timing-based username enumeration where an unauthenticated attacker can deduce valid usernames by measuring login response times. Root cause / mechanics : observable timing discrepancy between respons...

5.3CVSS5.3AI score0.00552EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.9 views

PT-2024-31404

Name of the Vulnerable Software and Affected Versions Fides versions prior to 2.44.0 Description A timing-based username enumeration vulnerability exists in Fides Webserver authentication, allowing an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS5.9AI score0.00552EPSS
Exploits1References14
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.576 views

Outlook Web App (OWA) Brute Force Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA Brute Force Utility', 'Description' = %q This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers. ,...

7.4AI score
Exploits0
Redos
Redos
added 2024/08/16 12:0 a.m.20 views

ROS-20240816-01

A vulnerability in the Portainer container management platform is related to a difference in authentication user authentication response time. Exploitation of the vulnerability could allow an attacker acting remotely to determine whether a username is valid or invalid. remotely, whether the...

5.3CVSS7.1AI score0.01242EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/08/06 12:0 a.m.274 views

eduAuthorities 1.0 SQL Injection

Titles: eduAuthorities-1.0 Multiple-SQLi Author: nu11secur1ty Date: 07/29/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html Reference: https://portswigger.net/web-security/sql-injection Description: The...

7.4AI score
Exploits0
NVD
NVD
added 2024/04/10 3:16 p.m.28 views

CVE-2024-29296

A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not...

5.3CVSS6.8AI score0.01242EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.9 views

PT-2024-5801 · Unknown +1 · Portainer Ce +1

Name of the Vulnerable Software and Affected Versions: Portainer CE version 2.19.4 Description: A user enumeration issue is present in the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This...

5.3CVSS6.5AI score0.01242EPSS
Exploits2References9
OSV
OSV
added 2024/04/10 12:0 a.m.9 views

CVE-2024-29296

A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not...

5.3CVSS7.4AI score0.01242EPSS
Exploits2References3
Veracode
Veracode
added 2024/03/26 10:59 a.m.12 views

User Enumeration

Liferay Portal is vulnerable to a User Enumeration. The vulnerability is due to differences in response times of requests, allowing remote attackers to determine the existence of an account in the application...

5.3CVSS6.8AI score0.00527EPSS
Exploits0References1Affected Software4
Github Security Blog
Github Security Blog
added 2024/03/15 4:44 p.m.38 views

vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...

5.3CVSS7.2AI score0.00394EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/03/15 4:44 p.m.18 views

GHSA-5H3X-6GWF-73JM vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be...

5.3CVSS4.4AI score0.00394EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 11:9 a.m.21 views

BIT-TYPO3-2022-36105

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...

5.3CVSS5.3AI score0.01014EPSS
Exploits0References3
Rows per page
Query Builder