Ruslan Amrahov

**Name of the Vulnerable Software and Affected Versions** RELATE versions prior to commit 2f68e16 **Description** A timing attack exists in the `check sign in key()` function within the `course/auth.py` file. A timing attack is a side-channel attack where an attacker attempts to compromise a system by analyzing the time it takes to execute specific algorithms. **Recommendations** Update to the version containing commit 2f68e16. As a temporary workaround, restrict access to the `check sign in key()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RELATE versions prior to commit 2f68e16 **Description** RELATE is a web-based courseware package that contains a flaw allowing predictable token generation. This issue occurs within the `make sign in key()` function in auth.py and the `gen ticket code()` function in exam.py. **Recommendations** Update to the version containing commit 2f68e16.