Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2

vantage6 vulnerable to a username timing attack on recover password/MFA token

Impact

Much like https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost, which send emails to users if they have lost their password or MFA token. Usernames can be found by assessing response time differences, and additionally, they can be found because the endpoint gives a response "Failed to login" if the username exists.

Patches

No

Workarounds

No

Permalink: https://github.com/advisories/GHSA-5h3x-6gwf-73jm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 month ago
Updated: about 1 month ago

CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-5h3x-6gwf-73jm, CVE-2024-24770
References:

• https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53
• https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm
• https://nvd.nist.gov/vuln/detail/CVE-2024-24770
• https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b
• https://github.com/advisories/GHSA-5h3x-6gwf-73jm

Repository: https://github.com/vantage6/vantage6
Blast Radius: 5.1

Affected Packages