3242 matches found
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
OpenSlides 安全漏洞
OpenSlides is a free, web-based presentation and assembly system from OpenSlides Open Source. It is used to manage and project agendas, motions and elections for assemblies. A security vulnerability exists in OpenSlides version 4.0.15 that originates from validating a password by comparing the...
PT-2024-19601 · Unknown · Openslides
Name of the Vulnerable Software and Affected Versions: OpenSlides version 4.0.15 Description: The issue allows attackers to obtain information about the password hash using a timing attack, as the password verification function in OpenSlides has content-dependent runtime. This means the function...
CVE-2024-22893
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...
CVE-2024-22893
OpenSlides 4.0.15 is affected by a timing-attack vulnerability in password verification, where the hash comparison runs in a content-dependent way. This can allow an attacker to infer information about password hashes. Details across sources consistently identify the affected version as 4.0.15 an...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-2467)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate() method in the Django web application framework allows a hacker to gain unauthorized access to protected information.
The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate method in the Django web application framework is related to insufficient protection of sensitive data due to timing discrepancies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...
K000141045: OpenSSH vulnerability CVE-2024-39894
Security Advisory Description OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. CVE-2024-39894 Impact There...
keycloak: potential bypass of brute force protection
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...
keycloak: potential bypass of brute force protection
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...
keycloak: potential bypass of brute force protection
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...
keycloak: potential bypass of brute force protection
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...
python-django: Username enumeration through timing difference for users with unusable passwords
A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords...
Ethyca Fides 安全漏洞
Ethyca Fides is an open source privacy engineering platform from Ethyca, Inc. for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Ethyca Fides versions prior to 2.44.0. An attack...
GHSA-8WM9-24QG-M5QJ Duplicate Advisory: Keycloak has a brute force login protection bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gc7q-jgjv-vjr2. This link is maintained to preserve external references. Original Description A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the...
Timing Attack
Adyen is vulnerable to a Timing Attack. The vulnerability is due to improper constant-time comparison of HMACs in the isvalidhmac and isvalidhmacnotification methods, allowing an attacker to infer the correct HMAC by measuring timing differences...
SSH Username Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...
Adyen APIs Library for Python timing attack vulnerability
Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...
GHSA-F3Q4-GGFP-JV34 Adyen APIs Library for Python timing attack vulnerability
Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...