5 matches found
GHSA-45QM-J4M9-WHV9 eZ Platform CSRF token in login form is disabled by default
This security advisory fixes a potential vulnerability in the eZ Platform login form. That form has a Cross-Site Request Forgery (CSRF) token, but the CSRF functionality is not enabled by default, meaning the token is inactive. The fix is distributed via Composer as ezsystems/ezplatform v2.5.4, and...
GHSA-2X4V-G8CX-JXRQ Login timing attack in ibexa/core
Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replace...
Login timing attack in ezsystems/ezpublish-kernel
Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replace...
GHSA-XFQG-P48G-HH94 Login timing attack in ezsystems/ezpublish-kernel
Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replace...
GHSA-342C-VCFF-2FF2 Login timing attack in ezsystems/ezplatform-kernel
Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replace...