Martin Dickopp mdickopp

  • Berlin, Germany
use bevy_ecs::component::Component;
#[derive(Component)]
struct C0000;
#[derive(Component)]
struct C0001;
#[derive(Component)]
struct C0002;
mdickopp / CVE-2024-22893.md
Created September 25, 2024 12:59
CVE-2024-22893

Password validation vulnerable to timing attacks in OpenSlides 4.0.15

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.

This vulnerability has been fixed in OpenSlides 4.0.16.

mdickopp / CVE-2024-22892.md
Created September 25, 2024 12:51
CVE-2024-22892

Weak password hashing in OpenSlides 4.0.15

OpenSlides 4.0.15 hashes passwords by applying a single round of SHA-512 to the cleartext password and the salt. Attackers who have obtained the hashed passwords can therefore calculate the cleartext passwords within a very short amount of time, using massively parallel computing (such as cloud computing) and GPU, ASIC, or FPGA hardware.
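
The two weaknesses described in CVE-2024-22893 and CVE-2024-22892, next to a hardened form, as an added example that is not OpenSlides code. The `salt || password` layout, the function names, and the choice of scrypt with these cost parameters are assumptions; the advisories do not state how the salt is combined or which algorithm the fixed release uses.

```python
import hashlib
import hmac
import os
import time


def weak_hash(password: str, salt: bytes) -> bytes:
    # Assumed layout: one SHA-512 round over salt || password.
    return hashlib.sha512(salt + password.encode("utf-8")).digest()


def weak_verify(password: str, salt: bytes, stored: bytes) -> bool:
    # == on bytes is not constant-time: it can return as soon as a byte
    # differs, so the runtime depends on the compared content.
    return weak_hash(password, salt) == stored


# Illustrative scrypt cost parameters (about 16 MiB of memory per hash).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def strong_hash(password: str, salt: bytes) -> bytes:
    # Memory-hard KDF: every guess costs time and RAM, which limits the
    # benefit of GPU, ASIC, or FPGA parallelism.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                          maxmem=64 * 1024 * 1024, dklen=64)


def new_record(password: str) -> tuple[bytes, bytes]:
    # Fresh random salt per password; store (salt, digest).
    salt = os.urandom(16)
    return salt, strong_hash(password, salt)


def strong_verify(password: str, salt: bytes, stored: bytes) -> bool:
    # compare_digest runs in time independent of where the inputs differ.
    return hmac.compare_digest(strong_hash(password, salt), stored)


def seconds_per_hash(hash_fn, rounds: int) -> float:
    # Average cost of one guess; the salt is a constructed fixed value.
    salt = b"\x00" * 16
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(f"guess-{i}", salt)
    return (time.perf_counter() - start) / rounds
```

Comparing `seconds_per_hash(weak_hash, 1000)` with `seconds_per_hash(strong_hash, 3)` shows the per-guess cost gap an offline attacker faces under each scheme.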