CWE-208
AllowedObservable Timing Discrepancy
Abstraction: Base · Status: Incomplete
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
306 vulnerabilities reference this CWE, most recent first.
GHSA-7W52-7JVM-M9VW
Vulnerability from github – Published: 2026-06-04 19:31 – Updated: 2026-06-11 14:06Summary
There is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack.
Details
The faulty code exists in src/Core/Framework/Api/OAuth/UserRepository.php:
public function getUserEntityByUserCredentials(
string $username,
#[\SensitiveParameter]
string $password,
string $grantType,
ClientEntityInterface $clientEntity
): ?UserEntityInterface {
if ($this->loginConfigService->getConfig()?->useDefault === false) {
// never allow login via password if the default login is disabled (e.g. using SSO only)
return null;
}
$builder = $this->connection->createQueryBuilder();
$user = $builder->select('user.id', 'user.password')
->from('user')
->where('username = :username')
->setParameter('username', $username)
->fetchAssociative();
// PATH 1: EARLY RETURN WHEN USERNAME IS NOT FOUND
if (!$user) {
return null;
}
// PATH 2: VERIFY PASSWORD IF USER IS FOUND
if (!password_verify($password, (string) $user['password'])) {
return null;
}
return new User(Uuid::fromBytesToHex($user['id']));
}
Subroutine getUserEntityByUserCredentials() is called when an auth request is send to api/oauth/token. If the given username is not found an early return is done (PATH 1). Only if the user is found we verify the password using password_verify.
PHP method password_verify by default uses hashing algorithm Argon2id which by design is intentionally 'slow' by introducing a timing cost to an attempt to bruteforce hashes more costly.
Since password_verify has a notable executable time, PATH 2 where an user is found and verified will be slower on average then PATH 1 where we do an early return for non-existing users.
Proposed fix
Before doing the early return, password_verify a dummy hash.
Impact
- More targeted dictionary/bruteforce attacks.
- Spear phishing / eases social engineering.
- Credential stuffing from other data leaks.
Authors
Niel Duysters (@NielDuysters) and Thomas Brankaer (@tbrankaer)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/platform"
},
"ranges": [
{
"events": [
{
"introduced": "6.7.0.0"
},
{
"fixed": "6.7.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/platform"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.10.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/core"
},
"ranges": [
{
"events": [
{
"introduced": "6.7.0.0"
},
{
"fixed": "6.7.10.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.10.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48011"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-04T19:31:17Z",
"nvd_published_at": "2026-06-10T22:17:00Z",
"severity": "LOW"
},
"details": "### Summary\nThere is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack.\n\n### Details\nThe faulty code exists in [`src/Core/Framework/Api/OAuth/UserRepository.php`](https://github.com/shopware/shopware/blob/trunk/src/Core/Framework/Api/OAuth/UserRepository.php):\n```\npublic function getUserEntityByUserCredentials(\n string $username,\n #[\\SensitiveParameter]\n string $password,\n string $grantType,\n ClientEntityInterface $clientEntity\n ): ?UserEntityInterface {\n if ($this-\u003eloginConfigService-\u003egetConfig()?-\u003euseDefault === false) {\n // never allow login via password if the default login is disabled (e.g. using SSO only)\n return null;\n }\n\n $builder = $this-\u003econnection-\u003ecreateQueryBuilder();\n $user = $builder-\u003eselect(\u0027user.id\u0027, \u0027user.password\u0027)\n -\u003efrom(\u0027user\u0027)\n -\u003ewhere(\u0027username = :username\u0027)\n -\u003esetParameter(\u0027username\u0027, $username)\n -\u003efetchAssociative();\n\n // PATH 1: EARLY RETURN WHEN USERNAME IS NOT FOUND\n if (!$user) {\n return null;\n }\n\n // PATH 2: VERIFY PASSWORD IF USER IS FOUND\n if (!password_verify($password, (string) $user[\u0027password\u0027])) {\n return null;\n }\n\n return new User(Uuid::fromBytesToHex($user[\u0027id\u0027]));\n }\n```\n\nSubroutine `getUserEntityByUserCredentials()` is called when an auth request is send to `api/oauth/token`. If the given username is not found an early return is done (PATH 1). Only if the user is found we verify the password using `password_verify`.\n\nPHP method `password_verify` by default uses hashing algorithm Argon2id which by design is intentionally \u0027slow\u0027 by introducing a timing cost to an attempt to bruteforce hashes more costly.\n\nSince `password_verify` has a notable executable time, PATH 2 where an user is found and verified will be slower on average then PATH 1 where we do an early return for non-existing users.\n\n### Proposed fix\nBefore doing the early return, `password_verify` a dummy hash.\n\n### Impact\n1. More targeted dictionary/bruteforce attacks.\n2. Spear phishing / eases social engineering.\n3. Credential stuffing from other data leaks.\n\n### Authors\nNiel Duysters (@NielDuysters) and Thomas Brankaer (@tbrankaer)",
"id": "GHSA-7w52-7jvm-m9vw",
"modified": "2026-06-11T14:06:35Z",
"published": "2026-06-04T19:31:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/shopware/shopware/security/advisories/GHSA-7w52-7jvm-m9vw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48011"
},
{
"type": "PACKAGE",
"url": "https://github.com/shopware/shopware"
},
{
"type": "WEB",
"url": "https://github.com/shopware/shopware/releases/tag/v6.6.10.18"
},
{
"type": "WEB",
"url": "https://github.com/shopware/shopware/releases/tag/v6.7.10.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames"
}
GHSA-86J9-25M2-9W97
Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-02 17:12Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal.
This could potentially allow attackers to use statistical methods to obtain a valid webhook token.
As of publication of this advisory, there is no fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:zanata"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46660"
],
"database_specific": {
"cwe_ids": [
"CWE-208",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-30T14:50:44Z",
"nvd_published_at": "2023-10-25T18:17:40Z",
"severity": "LOW"
},
"details": "Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid webhook token.\n\nAs of publication of this advisory, there is no fix.",
"id": "GHSA-86j9-25m2-9w97",
"modified": "2023-11-02T17:12:46Z",
"published": "2023-10-25T18:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46660"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/zanata-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2879"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Non-constant time webhook token hash comparison in Jenkins Zanata Plugin"
}
GHSA-8859-V9JP-CPHF
Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-02 16:55Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.
This could potentially allow attackers to use statistical methods to obtain a valid webhook token.
As of publication of this advisory, there is no fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "igalg.jenkins.plugins:multibranch-scan-webhook-trigger"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46656"
],
"database_specific": {
"cwe_ids": [
"CWE-208",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-30T14:58:39Z",
"nvd_published_at": "2023-10-25T18:17:40Z",
"severity": "LOW"
},
"details": "Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid webhook token.\n\nAs of publication of this advisory, there is no fix.",
"id": "GHSA-8859-v9jp-cphf",
"modified": "2023-11-02T16:55:44Z",
"published": "2023-10-25T18:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46656"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/multibranch-scan-webhook-trigger-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison"
}
GHSA-885R-HHPR-CC9P
Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-02 16:56Jenkins Gogs Plugin 1.0.15 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.
This could potentially allow attackers to use statistical methods to obtain a valid webhook token.
As of publication of this advisory, there is no fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:gogs-webhook"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46657"
],
"database_specific": {
"cwe_ids": [
"CWE-208",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-30T14:55:53Z",
"nvd_published_at": "2023-10-25T18:17:40Z",
"severity": "LOW"
},
"details": "Jenkins Gogs Plugin 1.0.15 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid webhook token.\n\nAs of publication of this advisory, there is no fix.",
"id": "GHSA-885r-hhpr-cc9p",
"modified": "2023-11-02T16:56:29Z",
"published": "2023-10-25T18:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46657"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/gogs-webhook-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Gogs Plugin uses non-constant time webhook token comparison"
}
GHSA-8CH4-58QP-G3MP
Vulnerability from github – Published: 2021-06-11 17:43 – Updated: 2024-11-19 18:19The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "websockets"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-33880"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-10T16:24:45Z",
"nvd_published_at": "2021-06-06T15:15:00Z",
"severity": "HIGH"
},
"details": "The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.",
"id": "GHSA-8ch4-58qp-g3mp",
"modified": "2024-11-19T18:19:55Z",
"published": "2021-06-11T17:43:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33880"
},
{
"type": "WEB",
"url": "https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0"
},
{
"type": "WEB",
"url": "https://github.com/aaugustin/websockets"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/websockets/PYSEC-2021-95.yaml"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Observable Timing Discrepancy in aaugustin websockets library"
}
GHSA-8VXV-2G8P-2249
Vulnerability from github – Published: 2022-05-24 21:33 – Updated: 2022-05-24 21:33Impact
Token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless.
Patches
Library now used constant-time comparison.
Workarounds
No.
For more information
If you have any questions or comments about this advisory: * Open an issue in totp-rs * Email us at cleo.rebert@gmail.com
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "totp-rs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29185"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-24T21:33:15Z",
"nvd_published_at": "2022-05-20T20:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nToken comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless.\n\n### Patches\nLibrary now used constant-time comparison.\n\n### Workarounds\nNo.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [totp-rs](https://github.com/constantoine/totp-rs)\n* Email us at [cleo.rebert@gmail.com](mailto:cleo.rebert@gmail.com)\n",
"id": "GHSA-8vxv-2g8p-2249",
"modified": "2022-05-24T21:33:15Z",
"published": "2022-05-24T21:33:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/constantoine/totp-rs/security/advisories/GHSA-8vxv-2g8p-2249"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29185"
},
{
"type": "WEB",
"url": "https://github.com/constantoine/totp-rs/issues/13"
},
{
"type": "WEB",
"url": "https://github.com/constantoine/totp-rs/commit/1f1e1a6fe722deb1656f483b1367ea4be978db5b"
},
{
"type": "PACKAGE",
"url": "https://github.com/constantoine/totp-rs"
},
{
"type": "WEB",
"url": "https://github.com/constantoine/totp-rs/compare/v1.0...v1.1.0"
},
{
"type": "WEB",
"url": "https://github.com/constantoine/totp-rs/releases/tag/v1.1.0"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2022-0018.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Observable Timing Discrepancy in totp-rs"
}
GHSA-8W6W-PRH9-WR2J
Vulnerability from github – Published: 2025-04-02 09:30 – Updated: 2025-11-03 21:33Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.
{
"affected": [],
"aliases": [
"CVE-2024-36469"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-02T07:15:40Z",
"severity": "LOW"
},
"details": "Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.",
"id": "GHSA-8w6w-prh9-wr2j",
"modified": "2025-11-03T21:33:27Z",
"published": "2025-04-02T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36469"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html"
},
{
"type": "WEB",
"url": "https://support.zabbix.com/browse/ZBX-26255"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-92CV-8JC7-JRPM
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-06-04 00:00Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
{
"affected": [],
"aliases": [
"CVE-2021-26314"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T12:15:00Z",
"severity": "MODERATE"
},
"details": "Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.",
"id": "GHSA-92cv-8jc7-jrpm",
"modified": "2022-06-04T00:00:52Z",
"published": "2022-05-24T19:04:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26314"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-944J-8CH6-RF6X
Vulnerability from github – Published: 2024-02-05 21:30 – Updated: 2026-02-27 20:57A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "m2crypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.40.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-50781"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208",
"CWE-385"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-05T22:41:57Z",
"nvd_published_at": "2024-02-05T21:15:10Z",
"severity": "MODERATE"
},
"details": "A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
"id": "GHSA-944j-8ch6-rf6x",
"modified": "2026-02-27T20:57:08Z",
"published": "2024-02-05T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50781"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-50781"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254426"
},
{
"type": "PACKAGE",
"url": "https://gitlab.com/m2crypto/m2crypto"
},
{
"type": "WEB",
"url": "https://gitlab.com/m2crypto/m2crypto/-/issues/342"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657"
}
GHSA-94G3-G5V7-Q4JG
Vulnerability from github – Published: 2026-03-19 16:42 – Updated: 2026-05-08 15:18Impact
Those using AES in CBC mode may be susceptible to a padding oracle timing attack.
Patches
https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
Workarounds
Use AES in CTR, CFB or OFB modes
References
https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.49"
},
"package": {
"ecosystem": "Packagist",
"name": "phpseclib/phpseclib"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.50"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.51"
},
"package": {
"ecosystem": "Packagist",
"name": "phpseclib/phpseclib"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.52"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.0.26"
},
"package": {
"ecosystem": "Packagist",
"name": "phpseclib/phpseclib"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.1"
},
{
"fixed": "1.0.27"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32935"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-19T16:42:18Z",
"nvd_published_at": "2026-03-20T03:16:00Z",
"severity": "HIGH"
},
"details": "### Impact\nThose using AES in CBC mode may be susceptible to a padding oracle timing attack.\n\n### Patches\nhttps://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788\n\n### Workarounds\nUse AES in CTR, CFB or OFB modes\n\n### References\nhttps://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788",
"id": "GHSA-94g3-g5v7-q4jg",
"modified": "2026-05-08T15:18:13Z",
"published": "2026-03-19T16:42:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32935"
},
{
"type": "WEB",
"url": "https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788"
},
{
"type": "PACKAGE",
"url": "https://github.com/phpseclib/phpseclib"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "phpseclib\u0027s AES-CBC unpadding susceptible to padding oracle timing attack"
}
No mitigation information available for this CWE.
CAPEC-462: Cross-Domain Search Timing
An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.
CAPEC-541: Application Fingerprinting
An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.
CAPEC-580: System Footprinting
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.