Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PolarLearn Affected by User Enumeration via Argon2 Timing Attack on Sign-In Endpoint
Vulnerability Description
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint, an attacker can distinguish between valid and invalid email addresses. This occurs because the server only performs the computationally expensive Argon2 password hashing if the user exists in the database. Requests for existing users take significantly longer (~650ms) than requests for non-existent users (~160ms).
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
PolarLearn 信息泄露漏洞
Vulnerability Description
PolarLearn是PolarNL开源的一个在线学习平台。 PolarLearn 0-PRERELEASE-15及之前版本存在信息泄露漏洞,该漏洞源于登录过程存在时间攻击,可能导致枚举已注册的电子邮件地址。
CVSS Information
N/A
Vulnerability Type
N/A