CVE-2025-24023 is a timing attack on the authentication system in FAB (Flask-AppBuilder) versions before 4.5.3. An attacker could exploit it to enumerate usernames.
Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by measuring the server's response time while brute-forcing login requests. By comparing the server's response times for login requests with existing and nonexistent usernames, an attacker could enumerate existing usernames.
CVE-ID: CVE-2025-24023
Description: Flask-AppBuilder is an application development framework.
Before version 4.5.3, the framework unintentionally disclosed usernames through response time variations when unauthenticated users attempted to log in. CVE-2025-24023 is a vulnerability affecting the Flask-AppBuilder application development framework.