3 matches found
CVE-2023-46739
CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS...
CVE-2023-46739
CVE-2023-46739 affects CubeFS (open-source cloud-native file storage). In the CubeFS master component, the UserService uses raw string comparison for passwords, enabling a timing-attack which could leak user passwords. This vulnerability exists in versions prior to 3.3.1 and is fixed in v3.3.1; u...
CVE-2023-46739 Timing attack can leak user passwords
CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS...