CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-J9VJ-G2JH-WQ6V
Vulnerability from github – Published: 2025-10-09 15:31 – Updated: 2025-10-09 15:31IBM Aspera 5.0.0 through 5.0.13.1
could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.
{
"affected": [],
"aliases": [
"CVE-2025-36225"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-09T14:15:54Z",
"severity": "MODERATE"
},
"details": "IBM Aspera 5.0.0 through 5.0.13.1 \n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.",
"id": "GHSA-j9vj-g2jh-wq6v",
"modified": "2025-10-09T15:31:03Z",
"published": "2025-10-09T15:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36225"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7247502"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JG62-H63C-XCXJ
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts.
{
"affected": [],
"aliases": [
"CVE-2021-38476"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-19T13:15:00Z",
"severity": "MODERATE"
},
"details": "InHand Networks IR615 Router\u0027s Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts.",
"id": "GHSA-jg62-h63c-xcxj",
"modified": "2022-05-24T19:18:02Z",
"published": "2022-05-24T19:18:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38476"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JGC6-C9V8-VFQW
Vulnerability from github – Published: 2024-07-01 18:32 – Updated: 2024-07-01 18:32In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.
{
"affected": [],
"aliases": [
"CVE-2024-36996"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-204"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T17:15:08Z",
"severity": "MODERATE"
},
"details": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.",
"id": "GHSA-jgc6-c9v8-vfqw",
"modified": "2024-07-01T18:32:41Z",
"published": "2024-07-01T18:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36996"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0716"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JGQC-JP3C-FXJ8
Vulnerability from github – Published: 2024-05-01 18:30 – Updated: 2024-10-29 21:30In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
{
"affected": [],
"aliases": [
"CVE-2024-30176"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T18:15:19Z",
"severity": "MODERATE"
},
"details": "In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.",
"id": "GHSA-jgqc-jp3c-fxj8",
"modified": "2024-10-29T21:30:45Z",
"published": "2024-05-01T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30176"
},
{
"type": "WEB",
"url": "https://logpoint.com"
},
{
"type": "WEB",
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/18435146614301-Username-Enumeration-on-Shared-Widgets"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JH2J-7248-9P3C
Vulnerability from github – Published: 2022-05-24 16:56 – Updated: 2024-04-24 20:18The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pagekit/pagekit"
},
"versions": [
"1.0.17"
]
}
],
"aliases": [
"CVE-2019-16669"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-24T20:18:24Z",
"nvd_published_at": "2019-09-21T19:15:00Z",
"severity": "MODERATE"
},
"details": "The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.",
"id": "GHSA-jh2j-7248-9p3c",
"modified": "2024-04-24T20:18:24Z",
"published": "2022-05-24T16:56:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16669"
},
{
"type": "WEB",
"url": "https://github.com/pagekit/pagekit/issues/935"
},
{
"type": "PACKAGE",
"url": "https://github.com/pagekit/pagekit"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Pagekit User enumeration"
}
GHSA-JH62-5Q2G-QJMX
Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
{
"affected": [],
"aliases": [
"CVE-2021-24116"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-14T13:15:00Z",
"severity": "MODERATE"
},
"details": "In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.",
"id": "GHSA-jh62-5q2g-qjmx",
"modified": "2022-05-24T19:08:02Z",
"published": "2022-05-24T19:08:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24116"
},
{
"type": "WEB",
"url": "https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/releases"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JHJ7-8R7J-MJXF
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2025-04-12 13:01The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
{
"affected": [],
"aliases": [
"CVE-2016-2178"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-06-20T01:59:00Z",
"severity": "MODERATE"
},
"details": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.",
"id": "GHSA-jhj7-8r7j-mjxf",
"modified": "2025-04-12T13:01:23Z",
"published": "2022-05-13T01:05:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2178"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K53084033"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"type": "WEB",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
},
{
"type": "WEB",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2"
},
{
"type": "WEB",
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
},
{
"type": "WEB",
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0194"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0193"
},
{
"type": "WEB",
"url": "http://eprint.iacr.org/2016/594.pdf"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/10"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/09/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91081"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036054"
},
{
"type": "WEB",
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"type": "WEB",
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3087-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JM4H-WWJV-4Q5C
Vulnerability from github – Published: 2024-11-13 15:31 – Updated: 2024-11-27 00:31Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
{
"affected": [],
"aliases": [
"CVE-2024-11159"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T14:15:15Z",
"severity": "MODERATE"
},
"details": "Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird \u003c 128.4.3 and Thunderbird \u003c 132.0.1.",
"id": "GHSA-jm4h-wwjv-4q5c",
"modified": "2024-11-27T00:31:41Z",
"published": "2024-11-13T15:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11159"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1925929"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00017.html"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-61"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-62"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JMJ6-P2J9-68CP
Vulnerability from github – Published: 2023-01-13 06:30 – Updated: 2023-01-25 21:37wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.wildfly.security:wildfly-elytron"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.15.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.wildfly.security:wildfly-elytron"
},
"ranges": [
{
"events": [
{
"introduced": "1.16.0.CR1"
},
{
"fixed": "1.20.3.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-3143"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-13T21:32:28Z",
"nvd_published_at": "2023-01-13T06:15:00Z",
"severity": "HIGH"
},
"details": "wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses `java.util.Arrays.equals` in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use `java.security.MessageDigest.isEqual` instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"id": "GHSA-jmj6-p2j9-68cp",
"modified": "2023-01-25T21:37:25Z",
"published": "2023-01-13T06:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"type": "PACKAGE",
"url": "https://github.com/wildfly-security/wildfly-elytron"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator"
}
GHSA-JP35-QC2G-26CH
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2026-04-03 12:31On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.
{
"affected": [],
"aliases": [
"CVE-2019-14360"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-02T17:15:00Z",
"severity": "LOW"
},
"details": "On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device\u0027s USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.",
"id": "GHSA-jp35-qc2g-26ch",
"modified": "2026-04-03T12:31:08Z",
"published": "2022-05-24T17:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14360"
},
{
"type": "WEB",
"url": "https://blog.inhq.net/posts/oled-side-channel-status-summary"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.