Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2024/01/30 8:56 p.m.29 views

vantage6 vulnerable to username timing attack

Impact It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks Workarounds No...

3.7CVSS6.8AI score0.00398EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/01/30 3:43 p.m.191 views

CVE-2024-21671 vantage6 username timing attack

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

3.7CVSS4.6AI score0.00398EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.7 views

vantage6 Security Vulnerabilities

vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability previously existed in vantage6 version 4.2.0 that stemmed from the ability to find out a username from the response time of a login request...

3.7CVSS6.7AI score0.00398EPSS
Exploits0References3
OSV
OSV
added 2022/05/20 1:15 p.m.4 views

CVE-2022-24043

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application fails to normalize the response times o...

5.3CVSS6AI score0.0099EPSS
Exploits0References1
Rows per page
Query Builder