@mdickopp
Created September 25, 2024 12:59
CVE-2024-22893

Password validation vulnerable to timing attacks in OpenSlides 4.0.15

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.

This vulnerability has been fixed in OpenSlides 4.0.16.
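The class of flaw described above, as an added example: a comparison that stops at the first differing byte next to one that does not. This is not OpenSlides code; the function names, the PBKDF2 parameters and the sample password are constructed for illustration, and a count of bytes examined stands in for runtime so the result is deterministic.

```python
import hashlib
import hmac

def early_exit_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Content-dependent compare: stops at the first differing byte.
    Returns (equal, bytes_examined); the count stands in for runtime."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b), start=1):
        if x != y:
            return False, i
    return True, len(a)

def full_scan_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Constant-time style compare: always touches every byte."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences, never branch on them
    return diff == 0, len(a)

def verify_hash(stored: bytes, candidate: bytes) -> bool:
    """Production code should use the standard library's constant-time compare."""
    return hmac.compare_digest(stored, candidate)

def flip_byte(data: bytes, index: int) -> bytes:
    """Return a copy of data that differs only at the given index."""
    out = bytearray(data)
    out[index] ^= 0xFF
    return bytes(out)

# Constructed sample: hash of a made-up password with a made-up salt.
STORED = hashlib.pbkdf2_hmac(
    "sha256", b"constructed-password", b"constructed-salt", 100_000
)

def work_profile(compare) -> list[int]:
    """Bytes examined when the first mismatch is at offset 0, 16 and 31."""
    return [compare(STORED, flip_byte(STORED, i))[1] for i in (0, 16, 31)]

if __name__ == "__main__":
    print("early exit:", work_profile(early_exit_equal))  # depends on mismatch position
    print("full scan: ", work_profile(full_scan_equal))   # same for every input
    print("match:", verify_hash(STORED, STORED))
```

The early-exit profile changes with the position of the first mismatch, which is the information a timing measurement exposes; the full-scan profile is flat.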

Timeline

  • 2023-Nov-19: Reported to vendor
  • 2023-Nov-20: Vendor confirmation
  • 2023-Nov-23: Vendor fix available
  • 2024-Sep-25: Public disclosure