CVE-2024-21671

Low

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party…

GitHub_M·CWE-208·Published 2024-01-30

CVSS

3.7

EPSS

0.00

KEV

Exploits

cve.orgen

318 chars

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.

NVDen

318 chars

OSV.deven

318 chars

GHSAen

156 chars

### Impact It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks ### Workarounds No

NVDes

387 chars

La tecnología vantage6 permite gestionar e implementar tecnologías que mejoran la privacidad, como el Federated Learning (FL) y la Multi-Party Computation (MPC). Es posible averiguar los nombres de usuario a partir del tiempo de respuesta de las solicitudes de inicio de sesión. Esto podría ayudar a los atacantes en ataques de credenciales. La versión 4.2.0 parchea esta vulnerabilidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	NVD	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	GHSA	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N