CVE-2024-0436

Name of the Vulnerable Software and Affected Versions Software (affected versions not specified)

Description The issue theoretically allows an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack. This is due to the linear nature of the !== used for comparison. However, the risk is minimized by the additional overhead of the request, which varies in a non-constant nature, making the attack less reliable to execute.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.