High

chuanhuchatgpt

Timing Attack Vulnerability in Authentication Mechanism

A vulnerability in the authentication mechanism of the software version 20240310 allows attackers to guess passwords based on the timing of each character's verification. This issue was identified in the 'gaizhenbiao/chuanhuchatgpt' project and involves the use of a simple equality check for password verification, which is susceptible to timing attacks.

Available publicly on May 25 2024

CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Credit: rook1337

Threat Overview

The vulnerability arises from the use of the '==' operator for password comparison in the authentication process. This method is vulnerable to timing attacks because the time it takes to compare two strings can vary based on how many characters match before a difference is found. An attacker can measure the time it takes for the system to respond to authentication attempts and use this information to infer the correct password, one character at a time. This type of attack is particularly effective against systems where the response time can be accurately measured and where multiple attempts can be made without raising alarms.
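The comparison described above next to a constant-time replacement, as an added example that is not code from the chuanhuchatgpt project. The function names and the sample password are constructed for illustration, and `early_exit_steps` is a simplified model of an early-exit comparison, not the interpreter's actual implementation.

```python
import hashlib
import hmac


def early_exit_steps(supplied: str, stored: str) -> int:
    """Simplified model of an early-exit equality check.

    Returns how many byte comparisons run before the result is known.
    That count grows with the length of the matching prefix, which is
    the information a timing side channel exposes.
    """
    a, b = supplied.encode("utf-8"), stored.encode("utf-8")
    if len(a) != len(b):
        return 0  # a length mismatch is rejected before any byte is compared
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            break  # stops at the first differing byte
    return steps


def check_password_weak(supplied: str, stored: str) -> bool:
    # The pattern the advisory describes: plain '==' on the secret.
    return supplied == stored


def check_password_hardened(supplied: str, stored: str) -> bool:
    # Hash both values to a fixed length so neither the length nor the
    # matching prefix of the secret affects the comparison, then compare
    # with hmac.compare_digest, which does not stop at the first mismatch.
    a = hashlib.sha256(supplied.encode("utf-8")).digest()
    b = hashlib.sha256(stored.encode("utf-8")).digest()
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    stored = "hunter2!"  # constructed sample value
    for guess in ("xxxxxxxx", "huxxxxxx", "hunter2!", "short"):
        print(f"{guess!r}: early-exit steps={early_exit_steps(guess, stored)}, "
              f"hardened={check_password_hardened(guess, stored)}")
```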

Attack Scenario

An attacker begins by sending authentication requests to the server, varying the password by one character at a time. By measuring the time it takes for the server to respond to each request, the attacker can infer which characters are correct based on longer response times. This process is repeated character by character until the entire password is discovered. The attacker can then use the correct password to gain unauthorized access to the system.

Who is affected

Users of the 'gaizhenbiao/chuanhuchatgpt' software version 20240310 are affected by this vulnerability. Specifically, accounts protected by the flawed authentication mechanism are at risk of unauthorized access if an attacker successfully exploits this vulnerability.
