19 matches found

RedHat Linux
added 2026/06/11 1:24 p.m. · 6 views

openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS#12 (Public-Key Cryptography Standards #12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting...

CVSS 7.4 · AI score 5.5 · EPSS 0.00204
Exploits 0 · References 4
PyPA
added 2026/05/28 4:16 p.m. · 11 views

PYSEC-2026-179

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens while supporting both asymmetric and HMAC algorithms, the library does not validate the use of JSON Web Keys in HMAC algorithms, allowing an attacker to use the issuer public key as the...

CVSS 7.4 · AI score 5.8 · EPSS 0.00148
Exploits 1 · References 1 · Affected software 1
Cvelist
added 2026/04/24 7:11 p.m. · 28 views

CVE-2026-41244 Mojic: Observable Timing Discrepancy in HMAC Verification

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator (!==) to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy (CWE-208),...

CVSS 4.7 · EPSS 0.00108
Exploits 0 · References 1
RedhatCVE
added 2026/04/13 12:32 p.m. · 3 views

CVE-2026-40194

A flaw was found in phpseclib, a PHP secure communications library. This vulnerability involves a timing attack where the comparison of Secure Shell (SSH) packet integrity checks (HMACs) takes a variable amount of time. A remote attacker could exploit this timing difference to deduce information abou...

CVSS 3.7 · AI score 5.7 · EPSS 0.00334
Exploits 0 · References 2
OSV
added 2025/12/16 12:43 a.m. · 3 views

GHSA-6GVQ-JCMP-8959 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Impact: A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modifi...

CVSS 6.5 · AI score 6.6 · EPSS 0.00262
Exploits 0 · References 13
OSV
added 2025/09/12 1:10 p.m. · 7 views

CVE-2025-59058 httpsig-rs's HMAC verification is vulnerable to timing attack

httpsig-rs is a Rust implementation of IETF RFC 9421 HTTP message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version...

CVSS 5.9 · AI score 6.5 · EPSS 0.00264
Exploits 0 · References 4
Positive Technologies
added 2025/09/12 12:00 a.m. · 4 views

PT-2025-37315

Name of the Vulnerable Software and Affected Versions: httpsig-rs versions prior to 0.0.19
Description: httpsig-rs is a Rust implementation of IETF RFC 9421 HTTP message signatures. The HMAC signature comparison is not timing-safe in versions prior to 0.0.19, potentially allowing an attacker to...

CVSS 5.9 · AI score 6.4 · EPSS 0.00264
Exploits 0 · References 9
RedHat Linux
added 2025/09/02 4:13 a.m. · 3 views

krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...

CVSS 5.9 · AI score 7.1 · EPSS 0.00276
Exploits 0 · References 5
Packet Storm News
added 2025/06/23 12:00 a.m. · 2 views

A Comparative Study and Implementation of Key Derivation Functions Standardized by NIST and IEEE

Since many applications and services require pseudorandom numbers (PRNs), it is feasible to generate specific PRNs under given key values and input messages using Key Derivation Functions (KDFs). These KDFs are primarily constructed based on Message Authentication Codes (MACs), where the MAC serves as ...

AI score 7
Exploits 0
BDU FSTEC
added 2024/07/23 12:00 a.m. · 4 views

The vulnerability of the gcry_md_get_algo_dlen() function in ClusterLabs Booth’s high-availability cluster management and monitoring software allows an attacker to generate an invalid HMAC.

The vulnerability of the gcry_md_get_algo_dlen() function in ClusterLabs Booth’s high-availability cluster management and monitoring software is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker operating remotely to generate invalid HMACs...

CVSS 5.9 · AI score 6.2 · EPSS 0.00535
Exploits 0 · References 13 · Affected software 8
Positive Technologies
added 2024/04/18 12:00 a.m. · 4 views

PT-2024-3101 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.3-lts
Description: The issue is related to the password verification in the source code of 1Panel, which uses the != operator instead of hmac.Equal. This may lead to a timing attack vulnerability, potentially...

CVSS 5.9 · AI score 7.5 · EPSS 0.0038
Exploits 0 · References 11
OSV
added 2023/11/14 6:15 p.m. · 3 views

CVE-2023-36400

Windows HMAC Key Derivation Elevation of Privilege Vulnerability...

CVSS 8.8 · AI score 7.3 · EPSS 0.04258
Exploits 0 · References 1
SUSE CVE
added 2023/08/29 2:10 a.m. · 3 views

SUSE CVE-2022-48566

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...

CVSS 5.9 · AI score 7.8 · EPSS 0.01148
Exploits 1 · References 8
Positive Technologies
added 2023/07/05 12:00 a.m. · 3 views

PT-2023-24897 · Ami · Ami Spx

Name of the Vulnerable Software and Affected Versions: AMI SPx, affected versions not specified
Description: The issue is related to a missing cryptographic step in the BMC of AMI SPx, where a user can generate a hash-based message authentication code (HMAC). This could lead to the loss of...

CVSS 8.1 · AI score 7.9 · EPSS 0.00259
Exploits 0 · References 4
BDU FSTEC
added 2020/04/17 12:00 a.m. · 4 views

The vulnerability of the implementation of the HMAC-SHA-384 mechanism in the GnuTLS cryptographic library allows a perpetrator to carry out a “Lucky 13” attack and an attack that recovers the plaintext.

The vulnerability of the implementation of the HMAC-SHA-384 mechanism in the GnuTLS cryptographic library is related to errors in the implementation of the cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to perform both a “Lucky 13” attack and an attack that recove...

CVSS 7.1 · AI score 6.5 · EPSS 0.03623
Exploits 0 · References 9 · Affected software 3
RedHat Linux
added 2019/10/29 1:48 p.m. · 3 views

Mozilla: Stack buffer overflow in HKDF output

A flaw was discovered in both Firefox and Thunderbird where 4 bytes of an HMAC output could be written past the end of a buffer stored on the memory stack. This could allow an attacker to execute arbitrary code or lead to a crash. This flaw can be exploited over the network...

CVSS 8.8 · AI score 7.9 · EPSS 0.01799
Exploits 0 · References 5
CNVD
added 2018/04/19 12:00 a.m. · 3 views

Unspecified Vulnerability in Bouncy Castle BKS-V1

Bouncy Castle is a cryptographic library for C# and Java applications. BKS-V1 is one of its secret key storage formats. A security vulnerability exists in Bouncy Castle BKS-V1, which stems from the fact that the length of the HMAC used in Bouncy Castle BKS-V1 files is only 16 bits. An attacker could...

CVSS 4.4 · AI score 6.8 · EPSS 0.00262
Exploits 0 · References 1
OSV
added 2013/02/08 8:55 p.m. · 1 view

DEBIAN-CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

CVSS 5.1 · AI score 6.9 · EPSS 0.05281
Exploits 0 · References 1
RedHat Linux
added 2009/12/10 12:03 a.m. · 3 views

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 · AI score 7.3 · EPSS 0.06348
Exploits 0 · References 4