3242 matches found
Information Disclosure Through Timing Attack
mdanter/ecc is vulnerable to Sensitive Information Disclosure. The vulnerability is due to computing point addition in a non constant time, which allows an attacker to deduce the private key by comparing the time it takes to compute each point addition...
RHEL 7 : firefox (RHSA-2024:1486)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1486 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
SUSE-SU-2024:1447-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: Upgrade openCryptoki to version 3.23 jscPED-3360, jscPED-3361 EP11: Add support for FIPS-session mode CVE-2024-0914: Updates to harden against RSA timing attacks bsc1219217 Bug fixes - provide userpkcs11 and grouppkcs11 Upgrade to version...
AZL-43687 CVE-2024-2467 affecting package perl-Crypt-OpenSSL-RSA 0.31-6
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...
PT-2024-40040 · Gnu · Gmp
Name of the Vulnerable Software and Affected Versions: PHPECC affected versions not specified Description: The issue concerns malleable ECDSA signature attacks. When generating new ECDSA signatures, the use of the GMPMath adapter, which wraps the GNU Multiple Precision arithmetic library GMP,...
nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)
A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...
GHSA-6M9H-2PR2-9J8F 1Panel's password verification is suspected to have a timing attack vulnerability
Summary 源码中密码校验处使用 != 符号,而不是hmac.Equal,这可能导致产生计时攻击漏洞,从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac...
1Panel's password verification is suspected to have a timing attack vulnerability
Summary 源码中密码校验处使用 != 符号,而不是hmac.Equal,这可能导致产生计时攻击漏洞,从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac...
CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...
CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...
CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability
1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...
PT-2024-3101 · 1Panel · 1Panel
Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.3-lts Description: The issue is related to the password verification in the source code of 1Panel, which uses the != symbol instead of hmac.Equal. This may lead to a timing attack vulnerability, potentially...
1Panel's password verification is suspected to have a timing attack vulnerability
源码中密码校验处使用 != 符号,而不是hmac.Equal,这可能导致产生计时攻击漏洞,从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac. Equal to...
USN-6727-2 nss regression
USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that NSS incorrectly handled...
SUSE CVE-2020-36829
The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...
nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)
A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...
DEBIAN-CVE-2020-36829
The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...
AZL-45018 CVE-2020-36829 affecting package perl-Mojolicious 8.57-3
The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...
AZL-43936 CVE-2020-36829 affecting package perl-Mojolicious 8.57-3
The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...
UBUNTU-CVE-2020-36829
The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...