CVE-2025-24023. Before version 4.5.3, the framework unintentionally disclosed usernames through response time variations when unauthenticated users attempted to log in. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the server's responses when brute forcing login requests.
By comparing the server's response times for login requests with existing and nonexistent usernames, an attacker could enumerate existing usernames. This kind of issue is known as a timing attack.
The vulnerability in question, CVE-2025-24023, relates to a timing attack on the authentication system in FAB versions before 4.5.3.
Description: Flask-AppBuilder is an application development framework.