A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '==' operator in Python. Because this comparison is not constant-time, an attacker can guess a password from the time each character's comparison takes. The issue arises from the code segment that checks the password for a particular username, and it can expose sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.
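The comparison pattern described above next to a constant-time replacement, as an added example that is not code from the chuanhuchatgpt project. The credential list, function names and sample values are hypothetical and constructed for illustration.

```python
import hmac

# Constructed sample credential store (hypothetical names and values).
AUTH_LIST = [("alice", "correct horse"), ("bob", "pässwörd-42")]


def check_vulnerable(username, password, auth_list=AUTH_LIST):
    """Pattern the advisory describes: '==' may return as soon as a
    difference is found, so run time depends on how much of the guess
    matches the stored password."""
    for user, stored in auth_list:
        if user == username and stored == password:
            return True
    return False


def _ct_equal(a, b):
    # hmac.compare_digest raises TypeError for non-ASCII str arguments,
    # so compare the UTF-8 bytes instead of the str objects.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def check_hardened(username, password, auth_list=AUTH_LIST):
    """Compare against every entry with no early return, so timing does
    not depend on which entry, or how long a prefix, matched."""
    ok = False
    for user, stored in auth_list:
        user_ok = _ct_equal(user, username)
        pass_ok = _ct_equal(stored, password)
        ok |= user_ok & pass_ok  # bitwise ops on bools: no short-circuit
    return ok
```

`hmac.compare_digest` hides where two values differ, but its run time can still reveal their lengths.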
History

Thu, 14 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 Nov 2024 11:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Mon, 04 Nov 2024 10:45:00 +0000


Thu, 17 Oct 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Gaizhenbiao
Gaizhenbiao chuanhuchatgpt
Weaknesses CWE-203
CPEs cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*
Vendors & Products Gaizhenbiao
Gaizhenbiao chuanhuchatgpt
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:54:13.192Z

Updated: 2024-11-14T13:27:57.910Z

Reserved: 2024-05-19T15:09:09.363Z

Link: CVE-2024-5124

Vulnrichment

Updated: 2024-08-01T21:03:10.927Z

NVD

Status: Modified

Published: 2024-06-06T19:16:03.863

Modified: 2024-11-21T09:47:01.353

Link: CVE-2024-5124

Redhat

No data.