Low severity · NVD Advisory · Published Jan 30, 2024 · Updated Oct 17, 2024
vantage6 username timing attack
CVE-2024-21671
Description
vantage6 is a technology for managing and deploying privacy-enhancing technologies such as Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| vantage6-server (PyPI) | < 4.2.0 | 4.2.0 |
References
- github.com/advisories/GHSA-45gq-q4xh-cp53 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-21671 (ghsa, ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2024-31.yaml (ghsa, WEB)
- github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30 (ghsa, x_refsource_MISC, WEB)
- github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53 (ghsa, x_refsource_CONFIRM, WEB)