A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 04 Nov 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 |
Mon, 04 Nov 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 17 Oct 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gaizhenbiao
Gaizhenbiao chuanhuchatgpt |
|
Weaknesses | CWE-203 | |
CPEs | cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gaizhenbiao
Gaizhenbiao chuanhuchatgpt |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-06T18:54:13.192Z
Updated: 2024-11-14T13:27:57.910Z
Reserved: 2024-05-19T15:09:09.363Z
Link: CVE-2024-5124
Vulnrichment
Updated: 2024-08-01T21:03:10.927Z
NVD
Status : Modified
Published: 2024-06-06T19:16:03.863
Modified: 2024-11-21T09:47:01.353
Link: CVE-2024-5124
Redhat
No data.