logo

Database

Lack of data validation - Path Traversal In vantage6

Description

vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact

Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be found by assessing response time differences, and additionally, they can be found because the endpoint gives a response "Failed to login" if the username exists.

Patches

No

Workarounds

No

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-247702. NVD-2024-247703. OSV-2024-247704. GHSA-45gq-q4xh-cp535. GHSA-5h3x-6gwf-73jm6. GCVE-2024-24770

References

1. https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp532. https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm3. https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.