PT-2022-22251 · Mealie · Mealie
Published
2022-08-19
·
Updated
2024-05-07
·
CVE-2022-34623
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Mealie version 1.0.0beta3
Description
Mealie 1.0.0beta3 allows an unauthenticated attacker to enumerate valid user accounts. The login endpoint returns the same invalid-credentials message whether or not the supplied username exists, but the response time differs measurably between the two cases. An attacker who submits login attempts for a list of candidate usernames with an arbitrary password can therefore tell registered accounts from unregistered ones by timing the responses, and then focus password guessing or phishing on the confirmed accounts. The usual cause of this class of bug, which the advisory does not confirm for Mealie, is that the slow password-hash verification runs only when a matching user record is found, so requests for unknown usernames return faster.
Recommendations
For Mealie version 1.0.0beta3, make the authentication path perform the same work whether or not the username exists: when no matching user is found, still run the password-hash verification against a fixed dummy hash and discard the result, so that both branches take the same time and return the same message. Adding a fixed artificial delay is a weaker mitigation, since it shifts both response times by the same amount without removing the difference between them; if the work cannot be equalized, pad every login response to a constant total duration instead. Rate limiting and account lockout on the login endpoint reduce how many timing samples an attacker can collect but do not remove the discrepancy. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
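The following is an added example, not code from Mealie or from this advisory. It models the vulnerable and the hardened login paths described above side by side and shows how an attacker turns the timing difference into a list of valid usernames. The user table, the PBKDF2 cost, the `login_vulnerable` and `login_hardened` functions and the `enumerate_by_timing` routine are all constructed for illustration; Mealie's real authentication code is not shown here.

```python
import hashlib
import hmac
import os
import secrets
import time

# Hypothetical model of a login routine, not Mealie's code. PBKDF2 stands in
# for whatever slow hash the real application uses; only the cost matters.
ITERATIONS = 100_000  # constructed cost: slow enough to expose the timing gap
SALT_LEN = 16


def hash_password(password: str, salt=None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256(password) for storage."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


# Constructed user table: one registered account.
USERS = {"alice": hash_password("correct horse battery staple")}

# Hash of a random secret nobody knows. The hardened path verifies against it
# when the username is unknown, so both branches do the same amount of work.
DUMMY_HASH = hash_password(secrets.token_hex(32))


def login_vulnerable(username: str, password: str) -> bool:
    """Leaks existence: unknown usernames return before any hashing happens."""
    stored = USERS.get(username)
    if stored is None:
        return False
    return verify_password(password, stored)


def login_hardened(username: str, password: str) -> bool:
    """Same message and same work for known and unknown usernames."""
    stored = USERS.get(username)
    if stored is None:
        verify_password(password, DUMMY_HASH)  # result deliberately discarded
        return False
    return verify_password(password, stored)


def time_login(login, username: str, password: str, rounds: int = 5) -> float:
    """Best-of-N wall-clock time of one login attempt, in seconds."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        login(username, password)
        best = min(best, time.perf_counter() - start)
    return best


def enumerate_by_timing(login, candidates, ratio: float = 2.0):
    """Return candidate usernames whose failed login is much slower than the fastest.

    This is the attacker's view: every attempt uses a wrong password and gets
    the same invalid-credentials answer, so timing is the only signal left.
    """
    timings = {name: time_login(login, name, "not-the-password") for name in candidates}
    baseline = min(timings.values())
    return sorted(name for name, t in timings.items() if t > baseline * ratio)


if __name__ == "__main__":
    names = ["alice", "bob", "carol"]
    print("vulnerable:", enumerate_by_timing(login_vulnerable, names))  # ['alice']
    print("hardened:  ", enumerate_by_timing(login_hardened, names))    # []
```

Against `login_vulnerable`, the unknown usernames answer in microseconds while `alice` costs a full hash computation, so the attacker recovers her account name without ever seeing a different error message. Against `login_hardened`, every attempt pays the same hash cost and the timing ratio stays near 1, so the same probe returns nothing. The dummy-hash technique is preferable to a fixed sleep because it removes the difference rather than shifting it.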
Related Identifiers
Affected Products
Mealie