Mdickopp

**Name of the Vulnerable Software and Affected Versions** OpenSlides version 4.0.15 **Description** The issue is related to the use of a weak hashing algorithm for storing passwords. **Recommendations** For OpenSlides version 4.0.15, update to a version that uses a secure password hashing algorithm to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** OpenSlides version 4.0.15 **Description** The issue allows attackers to obtain information about the password hash using a timing attack, as the password verification function in OpenSlides has content-dependent runtime. This means the function takes different times to compare password hashes, potentially revealing sensitive information. **Recommendations** For OpenSlides version 4.0.15, consider implementing a constant-time comparison function for password hashes to prevent timing attacks. As a temporary workaround, restrict access to the password verification function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.