CVE-2025-30344

Medium CVSS: 5.3

An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password (e.g., more than 100 milliseconds).

Vendor

Openslides

Product

Openslides

CWE

CWE-208

Yayın Tarihi

2025-03-21 06:15:26

Güncelleme

2025-03-27 14:40:42

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-208 Openslides MEDIUM Openslides 2025

Referanslar

https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides

Benzer Kayıtlar

High

CVE-2026-25519

OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and electio…

Low

CVE-2025-30345

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user i…

Medium

CVE-2025-30342

An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda T…

Low

CVE-2025-30343

A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and…