3242 matches found
PT-2024-2174 · Libgcrypt +4 · Libgcrypt +4
Name of the Vulnerable Software and Affected Versions: libgcrypt affected versions not specified Description: A timing-based side-channel flaw was found in libgcrypt's RSA implementation, which may allow a remote attacker to initiate a Bleichenbacher-style attack. This can lead to the decryption ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
gnutls: incomplete fix for CVE-2023-5981
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
Medium: gnutls
Issue Overview: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK ke...
Medium: gnutls
Issue Overview: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK ke...
SUSE-SU-2024:0638-1 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust bsc1218862. - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data bsc1218865...
MGASA-2024-0049 Updated rootcerts, nss and firefox packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...
Updated rootcerts, nss and firefox packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...
RHEL 9 : OpenShift Container Platform 4.15.z (RHSA-2023:7200)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7200 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built fr...
CVE-2024-0436
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...
CVE-2024-0436
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...
Design/Logic Flaw
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...
CVE-2024-0436
Technical details (affected product/version, root cause specifics, exploit scenarios, or remediation) are not publicly available in the provided Connected documents. Monitor for updates from NVD/Red Hat/OSV and other feeds to obtain concrete data.
CVE-2024-0436 Prevent timing attack for single-user password check
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...
CVE-2024-0436 Prevent timing attack for single-user password check
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...
Timing Attack
gradio is vulnerable to Timing Attack. The vulnerability is due to string comparisons in Python terminating early upon encountering a string mismatch. This allows an attacker to take advantage of the default lack of rate-limiting, to brute-force the correct username and password of an account...
GHSA-HMX6-R76C-85G9 Gradio apps vulnerable to timing attacks to guess password
Impact This security policy is with regards to a timing attack that allows users of Gradio apps to potentially guess the password of password-protected Gradio apps. This relies on the fact that string comparisons in Python terminate early, as soon as there is a string mismatch. Because Gradio app...
SUSE-SU-2024:0597-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198...
PT-2024-40455 · Pypqc · Pypqc
Name of the Vulnerable Software and Affected Versions: PyPQC versions prior to 0.0.6.1 Description: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. A proof-of-concept exploi...
PT-2024-18257 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 4.19.2 Description: A timing attack vulnerability exists in the login function, specifically within the routes.py file, due to the use of a direct comparison operation app.authusername == password to validate user...