61 matches found

UbuntuCve
added 2026/05/14 2:16 p.m. · 3 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

CVSS 6.5 · AI score 5.8 · EPSS 0.00076
Exploits: 0 · References: 4

UbuntuCve
added 2026/04/03 5:16 a.m. · 0 views

CVE-2026-35541

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...

CVSS 4.2 · AI score 5.9 · EPSS 0.00013
Exploits: 0 · References: 8

Github Security Blog
added 2026/03/18 4:17 p.m. · 4 views

h3 has an observable timing discrepancy in basic auth utils

Summary: A Timing Side-Channel vulnerability exists in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity...

CVSS 5.9 · AI score 6.1 · EPSS 0.00055
Exploits: 1 · References: 5 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-29730

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00279
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25168

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00108
Exploits: 0 · References: 3

OSV
added 2025/07/07 12:30 p.m. · 2 views

GHSA-J5PR-VRJJ-9V4H Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticate_user function within the lollms_authentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

CVSS 7.5 · AI score 7.3 · EPSS 0.0026
Exploits: 0 · References: 4

NVD
added 2025/07/07 10:15 a.m. · 2 views

CVE-2025-6386

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticate_user function within the lollms_authentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

CVSS 7.5 · EPSS 0.0026
Exploits: 0 · References: 2

Cvelist
added 2025/07/07 9:55 a.m. · 7 views

CVE-2025-6386 Timing Attack Vulnerability in parisneo/lollms

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticate_user function within the lollms_authentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

CVSS 7.5 · EPSS 0.0026
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/07 9:55 a.m. · 2 views

CVE-2025-6386 Timing Attack Vulnerability in parisneo/lollms

The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticate_user function within the lollms_authentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...

CVSS 7.5 · AI score 7.4 · EPSS 0.0026
Exploits: 0 · References: 2

CVE
added 2025/07/04 10:12 p.m. · 23 views

CVE-2025-48952

NetAlertX (pre-25.6.7) contains an authentication bypass vulnerability in the PHP login check. The issue arises from a loose comparison using the == operator in front/index.php (line 40), which allows specially crafted SHA-256 magic hashes to bypass password verification. Hash values starting wit...

CVSS 9.4 · AI score 6.8 · EPSS 0.00543
Exploits: 1 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/02/05 6:16 a.m. · 7 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

CVSS 7.5 · AI score 7.4 · EPSS 0.46131
Exploits: 1 · References: 1

NVD
added 2024/06/06 7:16 p.m. · 9 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

CVSS 7.5 · EPSS 0.46131
Exploits: 1 · References: 2

OSV
added 2024/06/06 7:16 p.m. · 4 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

CVSS 7.5 · AI score 6.7
Exploits: 0 · References: 2

CVE
added 2024/06/06 6:54 p.m. · 56 views

CVE-2024-5124

CVE-2024-5124 affects gaizhenbiao/chuanhuchatgpt (version 20240310) with a timing-attack in the password comparison logic that uses the Python '=' operator. An attacker could infer correct passwords by measuring per-character comparison timing, potentially exposing credentials. The root cause is ...

CVSS 7.5 · AI score 7.5 · EPSS 0.46131
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2024/06/06 6:54 p.m. · 18 views

CVE-2024-5124 Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

CVSS 7.5 · EPSS 0.46131
Exploits: 1 · References: 2

Vulnrichment
added 2024/06/06 6:54 p.m. · 13 views

CVE-2024-5124 Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

CVSS 7.5 · AI score 6.8 · EPSS 0.46131
Exploits: 1 · References: 2

Positive Technologies
added 2024/06/06 12:0 a.m. · 3 views

PT-2024-34569 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240310
Description: A timing attack vulnerability exists in the password comparison logic of the gaizhenbiao/chuanhuchatgpt repository. The vulnerability arises from the use of the '=' operator in Python f...

CVSS 7.5 · AI score 7.6 · EPSS 0.46131
Exploits: 1 · References: 10

CNNVD
added 2024/06/06 12:0 a.m. · 1 views

ChuanhuChatGPT Information Disclosure Vulnerability

ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and other LLMs. ChuanhuChatGPT suffers from an information disclosure vulnerability that stems from a timing attack vulnerability in the password comparison logic...

CVSS 7.5 · AI score 6.4 · EPSS 0.46131
Exploits: 1 · References: 2

OSV
added 2024/06/05 5:28 p.m. · 5 views

GHSA-R6MM-WMHF-849M Time-Based Information Disclosure Vulnerability in Flow

The PersistedUsernamePasswordProvider was prone to an information disclosure of account existence based on timing attacks as the hashing of passwords was only done in case an account was found. We changed the core so that the provider always does a password comparison in case credentials were...

AI score 6.9
Exploits: 0 · References: 3

Prion
added 2023/03/28 9:15 p.m. · 11 views

Information disclosure

The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...

CVSS 5 · AI score 7.5 · EPSS 0.00279
Exploits: 1 · References: 2 · Affected Software: 1