CVE-2024-22893
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 269
Summary
CVE-2024-22893 is a vulnerability in OpenSlides 4.0.15 that allows attackers to perform a timing attack on password verification. The software uses a content-dependent function when comparing password hashes, so its running time varies with the data being compared, and these subtle differences in processing time reveal information about the password hash. This poses a significant risk to system security, because attackers can potentially gain unauthorized access to user accounts. Users are advised to upgrade to the latest version of OpenSlides to mitigate this vulnerability.
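The weakness class described above, shown as an added example that is not OpenSlides code: a comparison that stops at the first mismatching byte does work proportional to how much of the hash a candidate gets right, while a constant-time comparison does not. The function names, the salt and the PBKDF2 stand-in hash are assumptions made for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed sample value


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    # Stand-in hash (assumption); not OpenSlides' actual scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)


def leaky_compare(stored: bytes, candidate: bytes) -> tuple[bool, int]:
    """Content-dependent comparison: stops at the first mismatching byte.

    Returns (equal, bytes_examined); bytes_examined is a deterministic
    stand-in for the running time an observer could measure.
    """
    if len(stored) != len(candidate):
        return False, 0
    examined = 0
    for s, c in zip(stored, candidate):
        examined += 1
        if s != c:
            return False, examined
    return True, examined


def verify_password(stored: bytes, password: str) -> bool:
    """Hardened check: compare_digest does not short-circuit on content."""
    return hmac.compare_digest(stored, hash_password(password))


def with_matching_prefix(stored: bytes, n: int) -> bytes:
    """Constructed candidate agreeing with stored on exactly n leading bytes."""
    return stored[:n] + bytes([stored[n] ^ 0xFF]) + stored[n + 1:]


if __name__ == "__main__":
    stored = hash_password("correct horse")
    for n in (0, 8, 24):
        _, work = leaky_compare(stored, with_matching_prefix(stored, n))
        print(f"{n:2d} matching bytes -> {work:2d} bytes examined")
    print(verify_password(stored, "correct horse"), verify_password(stored, "wrong"))
```

When reviewing code for this class of issue, look for `==`, `memcmp`-style or hand-written loop comparisons on hashes, MACs or tokens, and replace them with the platform's constant-time primitive.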
Affected Products
- OpenSlides