CVE-2024-21671 LOW

CVE-2024-21671: vantage6 username timing attack

Vendor Vantage6
Product vantage6
Weakness CWE-208
Published January 30, 2024
Last update October 17, 2024

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

The vantage6 technology enables managing and deploying privacy-enhancing technologies such as Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.

Key dates

02 Disclosure timeline

January 30, 2024 CVE published
October 17, 2024 Record updated
