Description
An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password (e.g., more than 100 milliseconds).
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.2.5 (excluding)
cpe:2.3:a:openslides:openslides:*:*:*:*:*:*:*:*
EPSS
Percentile: 26%
0.0009
Low
CVSS3: 5.3 Medium
CVSS3: 3.7 Low
Weaknesses
CWE-208
CWE-203
Related vulnerabilities
CVSS3: 5.3
github
11 months ago
An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password (e.g., more than 100 milliseconds).