CVE-2025-30344

LOW Year: 2025
CVSS v3 Score
3.7
Low
Weakness Type
CWE-208
View all →

Vulnerability Description

An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password (e.g., more than 100 milliseconds).

Related Vulnerabilities

CVE-2024-21671

LOW
CVSS:3.7(Low)

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the respon...

CWE-2082024

CVE-2022-25332

MEDIUM
CVSS:4.1(Medium)

The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor p...

CWE-2082022

CVE-2024-40640

LOW
CVSS:2.9(Low)

vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group ...

CWE-2082024

CVE-2020-11037

MEDIUM
CVSS:4.7(Medium)

In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password c...

CWE-2082020

CVE-2020-35165

MEDIUM
CVSS:4.7(Medium)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CWE-2082020

CVE-2021-26318

MEDIUM
CVSS:4.7(Medium)

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.

CWE-2082021