Common Weakness Enumeration

CWE-208

Allowed

Observable Timing Discrepancy

Abstraction: Base · Status: Incomplete

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

306 vulnerabilities reference this CWE, most recent first.

GHSA-7W52-7JVM-M9VW

Vulnerability from github – Published: 2026-06-04 19:31 – Updated: 2026-06-11 14:06
VLAI
Summary
Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
Details

Summary

There is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack.

Details

The faulty code exists in src/Core/Framework/Api/OAuth/UserRepository.php:

public function getUserEntityByUserCredentials(
        string $username,
        #[\SensitiveParameter]
        string $password,
        string $grantType,
        ClientEntityInterface $clientEntity
    ): ?UserEntityInterface {
        if ($this->loginConfigService->getConfig()?->useDefault === false) {
            // never allow login via password if the default login is disabled (e.g. using SSO only)
            return null;
        }

        $builder = $this->connection->createQueryBuilder();
        $user = $builder->select('user.id', 'user.password')
            ->from('user')
            ->where('username = :username')
            ->setParameter('username', $username)
            ->fetchAssociative();

        // PATH 1: EARLY RETURN WHEN USERNAME IS NOT FOUND
        if (!$user) {
            return null;
        }

        // PATH 2: VERIFY PASSWORD IF USER IS FOUND
        if (!password_verify($password, (string) $user['password'])) {
            return null;
        }

        return new User(Uuid::fromBytesToHex($user['id']));
    }

Subroutine getUserEntityByUserCredentials() is called when an auth request is send to api/oauth/token. If the given username is not found an early return is done (PATH 1). Only if the user is found we verify the password using password_verify.

PHP method password_verify by default uses hashing algorithm Argon2id which by design is intentionally 'slow' by introducing a timing cost to an attempt to bruteforce hashes more costly.

Since password_verify has a notable executable time, PATH 2 where an user is found and verified will be slower on average then PATH 1 where we do an early return for non-existing users.

Proposed fix

Before doing the early return, password_verify a dummy hash.

Impact

  1. More targeted dictionary/bruteforce attacks.
  2. Spear phishing / eases social engineering.
  3. Credential stuffing from other data leaks.

Authors

Niel Duysters (@NielDuysters) and Thomas Brankaer (@tbrankaer)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/platform"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.7.0.0"
            },
            {
              "fixed": "6.7.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/platform"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.6.10.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.7.0.0"
            },
            {
              "fixed": "6.7.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "shopware/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.6.10.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-04T19:31:17Z",
    "nvd_published_at": "2026-06-10T22:17:00Z",
    "severity": "LOW"
  },
  "details": "### Summary\nThere is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack.\n\n### Details\nThe faulty code exists in [`src/Core/Framework/Api/OAuth/UserRepository.php`](https://github.com/shopware/shopware/blob/trunk/src/Core/Framework/Api/OAuth/UserRepository.php):\n```\npublic function getUserEntityByUserCredentials(\n        string $username,\n        #[\\SensitiveParameter]\n        string $password,\n        string $grantType,\n        ClientEntityInterface $clientEntity\n    ): ?UserEntityInterface {\n        if ($this-\u003eloginConfigService-\u003egetConfig()?-\u003euseDefault === false) {\n            // never allow login via password if the default login is disabled (e.g. using SSO only)\n            return null;\n        }\n\n        $builder = $this-\u003econnection-\u003ecreateQueryBuilder();\n        $user = $builder-\u003eselect(\u0027user.id\u0027, \u0027user.password\u0027)\n            -\u003efrom(\u0027user\u0027)\n            -\u003ewhere(\u0027username = :username\u0027)\n            -\u003esetParameter(\u0027username\u0027, $username)\n            -\u003efetchAssociative();\n\n        // PATH 1: EARLY RETURN WHEN USERNAME IS NOT FOUND\n        if (!$user) {\n            return null;\n        }\n\n        // PATH 2: VERIFY PASSWORD IF USER IS FOUND\n        if (!password_verify($password, (string) $user[\u0027password\u0027])) {\n            return null;\n        }\n\n        return new User(Uuid::fromBytesToHex($user[\u0027id\u0027]));\n    }\n```\n\nSubroutine `getUserEntityByUserCredentials()` is called when an auth request is send to `api/oauth/token`. If the given username is not found an early return is done (PATH 1). Only if the user is found we verify the password using `password_verify`.\n\nPHP method `password_verify` by default uses hashing algorithm Argon2id which by design is intentionally \u0027slow\u0027 by introducing a timing cost to an attempt to bruteforce hashes more costly.\n\nSince `password_verify` has a notable executable time, PATH 2 where an user is found and verified will be slower on average then PATH 1 where we do an early return for non-existing users.\n\n### Proposed fix\nBefore doing the early return, `password_verify` a dummy hash.\n\n### Impact\n1. More targeted dictionary/bruteforce attacks.\n2. Spear phishing / eases social engineering.\n3. Credential stuffing from other data leaks.\n\n### Authors\nNiel Duysters (@NielDuysters) and Thomas Brankaer (@tbrankaer)",
  "id": "GHSA-7w52-7jvm-m9vw",
  "modified": "2026-06-11T14:06:35Z",
  "published": "2026-06-04T19:31:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/shopware/shopware/security/advisories/GHSA-7w52-7jvm-m9vw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48011"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/shopware/shopware"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shopware/shopware/releases/tag/v6.6.10.18"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shopware/shopware/releases/tag/v6.7.10.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames"
}

GHSA-86J9-25M2-9W97

Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-02 17:12
VLAI
Summary
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Details

Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal.

This could potentially allow attackers to use statistical methods to obtain a valid webhook token.

As of publication of this advisory, there is no fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:zanata"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208",
      "CWE-697"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-30T14:50:44Z",
    "nvd_published_at": "2023-10-25T18:17:40Z",
    "severity": "LOW"
  },
  "details": "Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid webhook token.\n\nAs of publication of this advisory, there is no fix.",
  "id": "GHSA-86j9-25m2-9w97",
  "modified": "2023-11-02T17:12:46Z",
  "published": "2023-10-25T18:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46660"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/zanata-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2879"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Non-constant time webhook token hash comparison in Jenkins Zanata Plugin"
}

GHSA-8859-V9JP-CPHF

Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-02 16:55
VLAI
Summary
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Details

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.

This could potentially allow attackers to use statistical methods to obtain a valid webhook token.

As of publication of this advisory, there is no fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "igalg.jenkins.plugins:multibranch-scan-webhook-trigger"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46656"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208",
      "CWE-697"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-30T14:58:39Z",
    "nvd_published_at": "2023-10-25T18:17:40Z",
    "severity": "LOW"
  },
  "details": "Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid webhook token.\n\nAs of publication of this advisory, there is no fix.",
  "id": "GHSA-8859-v9jp-cphf",
  "modified": "2023-11-02T16:55:44Z",
  "published": "2023-10-25T18:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46656"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/multibranch-scan-webhook-trigger-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison"
}

GHSA-885R-HHPR-CC9P

Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-02 16:56
VLAI
Summary
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Details

Jenkins Gogs Plugin 1.0.15 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.

This could potentially allow attackers to use statistical methods to obtain a valid webhook token.

As of publication of this advisory, there is no fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:gogs-webhook"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46657"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208",
      "CWE-697"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-30T14:55:53Z",
    "nvd_published_at": "2023-10-25T18:17:40Z",
    "severity": "LOW"
  },
  "details": "Jenkins Gogs Plugin 1.0.15 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid webhook token.\n\nAs of publication of this advisory, there is no fix.",
  "id": "GHSA-885r-hhpr-cc9p",
  "modified": "2023-11-02T16:56:29Z",
  "published": "2023-10-25T18:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46657"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/gogs-webhook-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Gogs Plugin uses non-constant time webhook token comparison"
}

GHSA-8CH4-58QP-G3MP

Vulnerability from github – Published: 2021-06-11 17:43 – Updated: 2024-11-19 18:19
VLAI
Summary
Observable Timing Discrepancy in aaugustin websockets library
Details

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "websockets"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-33880"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-10T16:24:45Z",
    "nvd_published_at": "2021-06-06T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.",
  "id": "GHSA-8ch4-58qp-g3mp",
  "modified": "2024-11-19T18:19:55Z",
  "published": "2021-06-11T17:43:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33880"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aaugustin/websockets"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/websockets/PYSEC-2021-95.yaml"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Observable Timing Discrepancy in aaugustin websockets library"
}

GHSA-8VXV-2G8P-2249

Vulnerability from github – Published: 2022-05-24 21:33 – Updated: 2022-05-24 21:33
VLAI
Summary
Observable Timing Discrepancy in totp-rs
Details

Impact

Token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless.

Patches

Library now used constant-time comparison.

Workarounds

No.

For more information

If you have any questions or comments about this advisory: * Open an issue in totp-rs * Email us at cleo.rebert@gmail.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "totp-rs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-24T21:33:15Z",
    "nvd_published_at": "2022-05-20T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nToken comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless.\n\n### Patches\nLibrary now used constant-time comparison.\n\n### Workarounds\nNo.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [totp-rs](https://github.com/constantoine/totp-rs)\n* Email us at [cleo.rebert@gmail.com](mailto:cleo.rebert@gmail.com)\n",
  "id": "GHSA-8vxv-2g8p-2249",
  "modified": "2022-05-24T21:33:15Z",
  "published": "2022-05-24T21:33:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/security/advisories/GHSA-8vxv-2g8p-2249"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29185"
    },
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/issues/13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/commit/1f1e1a6fe722deb1656f483b1367ea4be978db5b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/constantoine/totp-rs"
    },
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/compare/v1.0...v1.1.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/constantoine/totp-rs/releases/tag/v1.1.0"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0018.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Observable Timing Discrepancy in totp-rs"
}

GHSA-8W6W-PRH9-WR2J

Vulnerability from github – Published: 2025-04-02 09:30 – Updated: 2025-11-03 21:33
VLAI
Details

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-02T07:15:40Z",
    "severity": "LOW"
  },
  "details": "Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.",
  "id": "GHSA-8w6w-prh9-wr2j",
  "modified": "2025-11-03T21:33:27Z",
  "published": "2025-04-02T09:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36469"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://support.zabbix.com/browse/ZBX-26255"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-92CV-8JC7-JRPM

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-06-04 00:00
VLAI
Details

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-26314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208",
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-09T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.",
  "id": "GHSA-92cv-8jc7-jrpm",
  "modified": "2022-06-04T00:00:52Z",
  "published": "2022-05-24T19:04:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26314"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H36U6CNREC436W6GYO7QUMJIVEA35SCV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVA2NY26MMXOODUMYZN5DCU3FXMBMBOB"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/06/09/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/06/10/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-944J-8CH6-RF6X

Vulnerability from github – Published: 2024-02-05 21:30 – Updated: 2026-02-27 20:57
VLAI
Summary
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Details

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "m2crypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.40.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208",
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-05T22:41:57Z",
    "nvd_published_at": "2024-02-05T21:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
  "id": "GHSA-944j-8ch6-rf6x",
  "modified": "2026-02-27T20:57:08Z",
  "published": "2024-02-05T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50781"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-50781"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254426"
    },
    {
      "type": "PACKAGE",
      "url": "https://gitlab.com/m2crypto/m2crypto"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/m2crypto/m2crypto/-/issues/342"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657"
}

GHSA-94G3-G5V7-Q4JG

Vulnerability from github – Published: 2026-03-19 16:42 – Updated: 2026-05-08 15:18
VLAI
Summary
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
Details

Impact

Those using AES in CBC mode may be susceptible to a padding oracle timing attack.

Patches

https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788

Workarounds

Use AES in CTR, CFB or OFB modes

References

https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.49"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "phpseclib/phpseclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.50"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.0.51"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "phpseclib/phpseclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.52"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.26"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "phpseclib/phpseclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.1.1"
            },
            {
              "fixed": "1.0.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-19T16:42:18Z",
    "nvd_published_at": "2026-03-20T03:16:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThose using AES in CBC mode may be susceptible to a padding oracle timing attack.\n\n### Patches\nhttps://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788\n\n### Workarounds\nUse AES in CTR, CFB or OFB modes\n\n### References\nhttps://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788",
  "id": "GHSA-94g3-g5v7-q4jg",
  "modified": "2026-05-08T15:18:13Z",
  "published": "2026-03-19T16:42:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/security/advisories/GHSA-94g3-g5v7-q4jg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32935"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/phpseclib/phpseclib"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "phpseclib\u0027s AES-CBC unpadding susceptible to padding oracle timing attack"
}

No mitigation information available for this CWE.

CAPEC-462: Cross-Domain Search Timing

An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.

CAPEC-541: Application Fingerprinting

An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.

CAPEC-580: System Footprinting

An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.