Timing Attack Vulnerability in mudler/localai Affects Security of Cryptographic Algorithms
CVE-2024-7010

5.9 MEDIUM

Key Information:

Vendor
Mudler
Status
Vendor
CVE Published:
29 October 2024

Summary

The localai product from mudler is susceptible to a timing attack, a type of side-channel vulnerability. The flaw lets a malicious actor glean sensitive information by measuring differences in the execution time of cryptographic algorithms. Of particular concern is the impact on password management: attackers could ascertain valid credentials from variations in server response times. This jeopardizes users' accounts, allowing potential unauthorized access and compromising overall cybersecurity.
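The class of flaw described above, and its usual mitigation, shown as an added Go example. It is not code from localai or from this advisory. The function names and the sample secret are hypothetical, and the count of bytes examined stands in for the response-time difference an observer would measure.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// leakyEqual is an early-exit comparison, the pattern that ordinary equality
// checks may follow. It also returns how many bytes it examined, a
// deterministic stand-in for the time the check takes.
func leakyEqual(supplied, secret string) (bool, int) {
	if len(supplied) != len(secret) {
		return false, 0 // a length mismatch returns fastest of all
	}
	for i := 0; i < len(secret); i++ {
		if supplied[i] != secret[i] {
			return false, i + 1 // work done grows with the matching prefix
		}
	}
	return true, len(secret)
}

// constantTimeEqual hashes both values so the compared buffers always have
// the same fixed length, then compares them without an early exit.
func constantTimeEqual(supplied, secret string) bool {
	a := sha256.Sum256([]byte(supplied))
	b := sha256.Sum256([]byte(secret))
	return subtle.ConstantTimeCompare(a[:], b[:]) == 1
}

func main() {
	const secret = "example-key-0001" // constructed sample value
	guesses := []string{"xxxxxxxxxxxxxxxx", "example-xxxxxxxx", secret}
	for _, g := range guesses {
		ok, work := leakyEqual(g, secret)
		fmt.Printf("%-20q leaky=%-5v bytes_examined=%-2d constant_time=%v\n",
			g, ok, work, constantTimeEqual(g, secret))
	}
}
```

A credential check built on the second function does the same amount of comparison work whether the supplied value is wrong in its first byte or its last.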

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
