Описание
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.11.0 (исключая)
cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00058
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-307
Связанные уязвимости
github
8 месяцев назад
vantage6 lacks brute-force protection on change password functionality
EPSS
Процентиль: 18%
0.00058
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-307