Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vantage6 lacks brute-force protection on change password functionality
Vulnerability Description
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.
CVSS Information
N/A
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
vantage6 安全漏洞
Vulnerability Description
vantage6是vantage6开源的一个用于 Secure Insight eXchange 的开源 priVAcy preserviNg federalTed leArningG 基础架构。 vantage6 4.11之前版本存在安全漏洞,该漏洞源于更改密码功能允许无限次尝试,可能导致暴力破解攻击。
CVSS Information
N/A
Vulnerability Type
N/A