Name of the Vulnerable Software and Affected Versions: OSV (affected versions not specified)

Description: The issue concerns information disclosure of account existence based on timing attacks. This occurred because the hashing of passwords was only done when an account was found. To address this, the core was modified so that the provider always performs a password comparison when credentials are submitted.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.