3242 matches found

NVD · added 2024/09/25 3:15 p.m. · 25 views

CVE-2024-22893

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...

CVSS 7.5 · EPSS 0.00354
Exploits 0 · References 1
Vulnrichment · added 2024/09/25 12:00 a.m. · 16 views

CVE-2024-22893

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...

AI score 6.7 · EPSS 0.00354
Exploits 0 · References 1
CNNVD · added 2024/09/25 12:00 a.m. · 5 views

OpenSlides security vulnerability

OpenSlides is a free, web-based presentation and assembly system from OpenSlides Open Source. It is used to manage and project agendas, motions and elections for assemblies. A security vulnerability exists in OpenSlides version 4.0.15 that originates from validating a password by comparing the...

CVSS 7.5 · AI score 6.5 · EPSS 0.00354
Exploits 0 · References 2
Positive Technologies · added 2024/09/25 12:00 a.m. · 5 views

PT-2024-19601 · Unknown · Openslides

Name of the Vulnerable Software and Affected Versions: OpenSlides version 4.0.15
Description: The issue allows attackers to obtain information about the password hash using a timing attack, as the password verification function in OpenSlides has content-dependent runtime. This means the function...

CVSS 7.5 · AI score 6.3 · EPSS 0.00354
Exploits 0 · References 7
Cvelist · added 2024/09/25 12:00 a.m. · 17 views

CVE-2024-22893

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...

EPSS 0.00354
Exploits 0 · References 1
CVE · added 2024/09/25 12:00 a.m. · 45 views

CVE-2024-22893

OpenSlides 4.0.15 is affected by a timing-attack vulnerability in password verification, where the hash comparison runs in a content-dependent way. This can allow an attacker to infer information about password hashes. Details across sources consistently identify the affected version as 4.0.15 an...

CVSS 7.5 · AI score 6.7 · EPSS 0.00354
Exploits 0 · References 1 · Affected Software 1
OpenVAS · added 2024/09/23 12:00 a.m. · 22 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-2467)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.4 · EPSS 0.01614
Exploits 1 · References 2
BDU FSTEC · added 2024/09/18 12:00 a.m. · 5 views

The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate() method in the Django web application framework allows a hacker to gain unauthorized access to protected information.

The vulnerability of the django.contrib.auth.backends.ModelBackend.authenticate method in the Django web application framework is related to insufficient protection of sensitive data due to timing discrepancies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...

CVSS 5.3 · AI score 6.5 · EPSS 0.00889
Exploits 0 · References 8 · Affected Software 1
F5 Networks · added 2024/09/12 2:53 a.m. · 43 views

K000141045: OpenSSH vulnerability CVE-2024-39894

Security Advisory Description OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. CVE-2024-39894 Impact There...

CVSS 7.5 · AI score 6.2 · EPSS 0.01634
Exploits 0
RedHat Linux · added 2024/09/09 4:09 p.m. · 11 views

keycloak: potential bypass of brute force protection

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...

CVSS 6.5 · AI score 5.8 · EPSS 0.00793
Exploits 0 · References 4
RedHat Linux · added 2024/09/09 4:02 p.m. · 2 views

keycloak: potential bypass of brute force protection

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...

CVSS 6.5 · AI score 5.8 · EPSS 0.00793
Exploits 0 · References 4
RedHat Linux · added 2024/09/09 4:01 p.m. · 5 views

keycloak: potential bypass of brute force protection

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...

CVSS 6.5 · AI score 5.8 · EPSS 0.00793
Exploits 0 · References 4
RedHat Linux · added 2024/09/09 3:58 p.m. · 5 views

keycloak: potential bypass of brute force protection

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...

CVSS 6.5 · AI score 5.8 · EPSS 0.00793
Exploits 0 · References 4
RedHat Linux · added 2024/09/05 2:13 p.m. · 1 view

python-django: Username enumeration through timing difference for users with unusable passwords

A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords...

CVSS 5.3 · AI score 7.1 · EPSS 0.00889
Exploits 0 · References 4
CNNVD · added 2024/09/04 12:00 a.m. · 5 views

Ethyca Fides security vulnerability

Ethyca Fides is an open source privacy engineering platform from Ethyca, Inc. for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in Ethyca Fides versions prior to 2.44.0. An attack...

CVSS 5.3 · AI score 6.3 · EPSS 0.00552
Exploits 1 · References 3
OSV · added 2024/09/03 9:31 p.m. · 1 view

GHSA-8WM9-24QG-M5QJ Duplicate Advisory: Keycloak has a brute force login protection bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gc7q-jgjv-vjr2. This link is maintained to preserve external references. Original Description A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the...

CVSS 6.9 · AI score 5.8 · EPSS 0.00793
Exploits 0 · References 11
Veracode · added 2024/09/02 9:15 a.m. · 5 views

Timing Attack

Adyen is vulnerable to a Timing Attack. The vulnerability is due to improper constant-time comparison of HMACs in the isvalidhmac and isvalidhmacnotification methods, allowing an attacker to infer the correct HMAC by measuring timing differences...

AI score 6.9
Exploits 0
Packet Storm · added 2024/09/01 12:00 a.m. · 1286 views

SSH Username Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...

CVSS 5.9 · AI score 7.3 · EPSS 0.98631
Exploits 41
Github Security Blog · added 2024/08/30 6:51 p.m. · 12 views

Adyen APIs Library for Python timing attack vulnerability

Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack; you should compare the hash of the HMACs instead...

AI score 7.1
Exploits 0 · References 5 · Affected Software 1
OSV · added 2024/08/30 6:51 p.m. · 10 views

GHSA-F3Q4-GGFP-JV34 Adyen APIs Library for Python timing attack vulnerability

Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack; you should compare the hash of the HMACs instead...

CVSS 6.9 · AI score 7.1
Exploits 0 · References 5