166 matches found
EUVD-2025-206342
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
CVE-2024-39742
IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169...
EUVD-2022-55832
In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter kasprintf would return NULL pointer when kmalloc fail to allocate. Need to check the return pointer before calling strcmp...
CVE-2025-54499 Insecure string comparison enables timing attacks
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...
EUVD-2021-18741
Malware in sbrugna...
EUVD-2021-0049
Malware in sbrugna...
EUVD-2020-3020
Malware in sbrugna...
EUVD-2021-0151
Malware in sbrugna...
EUVD-2021-27057
Malware in sbrugna...
EUVD-2021-1085
Malware in sbrugna...
EUVD-2024-3440
Malicious code in bioql PyPI...
EUVD-2023-38438
Malicious code in bioql PyPI...
EUVD-2021-34105
Malicious code in bioql PyPI...
EUVD-2024-38221
Malicious code in bioql PyPI...
EUVD-2025-8542
Malicious code in bioql PyPI...
curl: Timing Attack Vulnerability in curl Digest Authentication via Non-Constant-Time String Comparison
Summary: A timing attack vulnerability exists in curl's Digest Authentication implementation due to the use of non-constant-time string comparison strcmp when comparing authentication algorithms in digest.c line 360. This allows attackers to determine the supported authentication algorithm throug...
GHSA-C2FC-9Q9C-5486 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
Impact: The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison...
CVE-2025-6386
The parisneo/lollms repository is affected by a timing attack vulnerability in the authenticateuser function within the lollmsauthentication.py file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The...
CVE-2021-3797
hestiacp is vulnerable to Use of Wrong Operator in String Comparison...
CVE-2015-20110
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...