CVE-2024-24770 – vantage6

Package

Manager: pip
Name: vantage6
Vulnerable Version: >=0 <4.3.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00198 pctl0.42024

Details

vantage6 vulnerable to a username timing attack on recover password/MFA token ### Impact Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`, which send emails to users if they have lost their password or MFA token. Usernames can be found by assessing response time differences, and additionally, they can be found because the endpoint gives a response "Failed to login" if the username exists. ### Patches No ### Workarounds No

Metadata

Created: 2024-03-15T16:44:36Z
Modified: 2024-03-15T16:44:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-5h3x-6gwf-73jm/GHSA-5h3x-6gwf-73jm.json
CWE IDs: ["CWE-208", "CWE-362"]
Alternative ID: GHSA-5h3x-6gwf-73jm
Finding: F063
Auto approve: 1