Threats Tagged 'ghsa-gq4g-fpc9-vjfq'
View all threats tagged with 'ghsa-gq4g-fpc9-vjfq'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ghsa-gq4g-fpc9-vjfq'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-gq4g-fpc9-vjfq: Webauthn: SimpleFakeCredentialGenerator with an empty secret produces predictable fake credentials, weakening username enumeration protection 0 The Webauthn library's SimpleFakeCredentialGenerator, when instantiated without a secret, produces predictable fake credentials based solely on the username. This predictability allows attackers to distinguish between real and fake usernames, defeating the intended username enumeration protection. The issue affects versions from 4.9.0 up to but not including 5.3.5. The default Symfony bundle configuration is not affected as it injects a non-empty secret. The vulnerability is considered low severity since it only re-enables username enumeration and does not affect the validity of responses. Join the discussion | GCVE Database | 07/07/2026, 23:39:43 UTC Added: 07/08/2026, 13:21:43 UTC |
Showing 1 to 1 of 1 result