Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-4165
bitcoind
httpauthorized
authentication
timing side-channel attack
cve-2013-4165
nvd
6.6 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
64.8%
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.
Affected configurations
Node
bitcoinbitcoin_coreMatch0.8.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| bitcoin:bitcoin_core | bitcoin bitcoin core | eq | 0.8.1 |
Related
debiancve
debiancve
CVE-2013-4165
2013-08-02 12:10:00
nvd
nvd
CVE-2013-4165
2013-08-02 12:10:40
prion
prion
Authentication flaw
2013-08-02 12:10:00
ubuntucve
ubuntucve
CVE-2013-4165
2013-08-02 00:00:00
cvelist
cvelist
CVE-2013-4165
2022-10-03 16:14:58
threatpost
threatpost
Update to Bitcoin Client Fixes DoS Bug, Password Strength
2013-09-04 15:50:24
6.6 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
64.8%
Related for CVE-2013-4165