Vulnerability CVE-2024-21671


Published: 2024-01-30

Description:
The vantage6 technology makes it possible to manage and deploy privacy-enhancing technologies such as Federated Learning (FL) and Multi-Party Computation (MPC). Usernames can be determined from the response time of login requests, which could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.

Type:
CWE-208 (Information Exposure Through Timing Discrepancy)

References:
https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53
https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30

Copyright 2024, cxsecurity.com
