Vulnerability Database
296,621
Total vulnerabilities in the database
Time-Based Information Disclosure Vulnerability in Flow
The PersistedUsernamePasswordProvider was prone to a information disclosure of account existance based on timing attacks as the hashing of passwords was only done in case an account was found. We changed the core so that the provider always does a password comparison in case credentials were submitted at all.
| Software | From | Fixed in |
|---|---|---|
neos / flow
|
2.3.0 | 2.3.16 |
|
neos / flow
|
3.0.0 | 3.0.10 |
|
neos / flow
|
3.1.0 | 3.1.7 |
|
neos / flow
|
3.2.0 | 3.2.7 |
|
neos / flow
|
3.3.0 | 3.3.5 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime