Summaryinfo

A vulnerability was found in Pylons horus. It has been classified as problematic. This affects an unknown part of the file horus/flows/local/services.py. The manipulation leads to timing discrepancy. This vulnerability is uniquely identified as CVE-2014-125056. There is no exploit available. It is recommended to apply a patch to fix this issue. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability was found in Pylons horus (the affected version unknown) and classified as problematic. Affected by this issue is an unknown part of the file horus/flows/local/services.py. The manipulation with an unknown input leads to a timing discrepancy vulnerability. Using CWE to declare the problem leads to CWE-208. Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. Impacted is confidentiality.

The weakness was presented 01/07/2023 as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. The advisory is available at github.com. This vulnerability is handled as CVE-2014-125056. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.

Applying the patch fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec is able to eliminate this problem. The bugfix is ready for download at github.com. The advisory contains the following remark:

Prevent timing attacks on passwords

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Pylons

Name

• horus

License

• open-source

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion