Description

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.

INFO

Published Date :

2024-06-06T18:54:13.192Z

Last Modified :

2025-05-20T14:04:05.415Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-5124 vulnerability.

Vendors Products
Gaizhenbiao
  • Chuanhuchatgpt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-5124.

URL Resource
https://github.com/gaizhenbiao/chuanhuchatgpt/commit/e46ec4ecd896bc3c88eb9a2f44e8593f3c6761b4 cve-icon cve-icon
https://huntr.com/bounties/e85ec077-930a-4597-975f-9341d2805641 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact