vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.
References
Link | Resource |
---|---|
https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2 | Patch |
https://github.com/vantage6/vantage6/issues/59 | Issue Tracking Vendor Advisory |
https://github.com/vantage6/vantage6/pull/281 | Patch Vendor Advisory |
https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-03-01T16:23:18.720Z
Updated: 2023-03-01T16:23:18.720Z
Reserved: 2022-09-02T14:16:35.824Z
Link: CVE-2022-39228
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-01T17:15:10.980
Modified: 2023-11-07T03:50:22.207
Link: CVE-2022-39228
JSON object: View
Redhat Information
No data.