5 matches found
CVE-2024-21671
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...
CVE-2024-21671
creationtimestamp| type| source ---|---|--- 2024-01-30 17:21:58+00:00| seen| https://t.me/ctinow/176103...
vantage6-algorithm-store (>=4.10.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-21671 via vantage6 (>=0.0.0 <=4.1.3)
vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-21671 Source advisory: OSV:PYSEC-2024-31...
CVE-2024-21671 vantage6 username timing attack
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...
CVE-2024-21671
The CVE-2024-21671 entry describes a username timing attack in the vantage6 login flow. Attackers could infer valid usernames from login response timing, aiding credential-based attacks. The issue is documented for vantage6 and is addressed by upgrading to version 4.2.0, which patches the vulnera...