WRITEUP

WRITEUP
Exploit for CVE-2024-45052 - Fides <2.44.0 - Info Disclosure
AI Analysis

This patch addresses a timing attack vulnerability (CVE-2024-45052) in the Ethyca Fides login endpoint by introducing artificial delays and parallel operations for invalid users to reduce timing differences. The fix includes creating a temporary user in memory and postponing exceptions to mitigate side-channel attacks.

Attack Type
info_leak
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1592 - Gather Victim Host Information
Loading exploit code...
Download ZIP Password: eip
Source
Platform Writeup
Type patch
Files 1
Authors
Dawn Pattison
Vulnerability
CVE-2024-45052
Fides <2.44.0 - Info Disclosure
MEDIUM
CVSS 5.3