3 matches found
CVE-2024-24770 Username timing attack on recover password/MFA token in vantage6
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost...
CVE-2023-23929 Refresh tokens do not expire in Vantage6
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...
PT-2023-18679 · Vantage6 · Vantage6
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 3.8.0. Description: The issue concerns a privacy-preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible, which may lead to...