PT-2023-13714 · Vantage6 · Vantage6

Frankcorneliusmartin · Published 2023-02-28 · Updated 2023-03-09 · CVE-2022-39228

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 3.8.0
Description: vantage6 is a privacy-preserving federated learning infrastructure for secure insight exchange. It deliberately does not tell the user whether a failed username/password combination involved an existing username, in an attempt to prevent bots from harvesting usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily, and that temporary block reveals that the account exists, which undoes the protection.
Recommendations: Update to version 3.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the number of login attempts to minimize the risk of exploitation.
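The side channel described above, as an added example that is not vantage6's own code: a minimal login handler in its leaky form beside one that returns the same reply whether the name is unknown, locked, or simply given the wrong password. The user store, thresholds and function names are constructed for illustration.

```python
from dataclasses import dataclass

MAX_ATTEMPTS = 3        # failures before a temporary lock (constructed value)
LOCK_SECONDS = 900      # lock duration in seconds (constructed value)
GENERIC_ERROR = "Invalid username or password"

USERS = {"alice": "correct-horse"}   # constructed user store, plaintext for brevity


@dataclass
class Attempts:
    failures: int = 0
    locked_until: float = 0.0


def _state(tracker: dict, username: str) -> Attempts:
    """Per-username failure record; tracker is a plain dict keyed by the submitted name."""
    return tracker.setdefault(username, Attempts())


def vulnerable_login(tracker: dict, username: str, password: str, now: float) -> str:
    """Generic reply for unknown users, but a distinct reply once a real account is locked."""
    if username not in USERS:
        return GENERIC_ERROR                  # unknown name: generic reply, as intended
    st = _state(tracker, username)
    if now < st.locked_until:
        return "Account temporarily blocked"  # only ever reachable for an existing account
    if password == USERS[username]:
        st.failures = 0
        return "OK"
    st.failures += 1
    if st.failures >= MAX_ATTEMPTS:
        st.locked_until = now + LOCK_SECONDS
    return GENERIC_ERROR


def hardened_login(tracker: dict, username: str, password: str, now: float) -> str:
    """Track attempts per submitted name and answer every failure identically."""
    st = _state(tracker, username)            # unknown names get a record as well
    if now < st.locked_until:
        return GENERIC_ERROR                  # locked: same reply, no existence hint
    if password == USERS.get(username):
        st.failures = 0
        return "OK"
    st.failures += 1
    if st.failures >= MAX_ATTEMPTS:
        st.locked_until = now + LOCK_SECONDS  # lock applies to any name, real or not
    return GENERIC_ERROR
```

In a real deployment the tracker for unknown names needs an expiry or size bound, and the unknown-name path should still perform a dummy password-hash check so response timing does not become the next side channel.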

Side Channel Attack


Related Identifiers

CVE-2022-39228
GHSA-36GX-9Q6H-G429
PYSEC-2023-313
PYSEC-2023-52

Affected Products

Vantage6