Описание
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:openslides:openslides:4.0.15:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00245
Низкий
7.5 High
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.
EPSS
Процентиль: 48%
0.00245
Низкий
7.5 High
CVSS3
Дефекты
CWE-269