Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel via timing differences in RSA and CBC/ECB decryption operations when the LLVM compiler's select-optimize feature is enabled. An attacker can infer sensitive information, such as cryptographic keys, by analyzing the...

Timing Attack

OctoPrint is vulnerable to Timing Attack. The vulnerability is due to character-by-character API key comparison with early termination, which allows a network-based attacker to infer valid API keys by measuring response times and guessing the key one character at a time...

OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)

A covert timing channel flaw was found in the PKCS8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel...

OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)

A covert timing channel flaw was found in the PKCS8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel...