3242 matches found
Timing Attack
Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Timing Attack. Go Vulnerability Report: via the crypto/tls process. An attacker can recover session key bits by exploiting timing information leaked during the removal of...
Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Request Tracker vulnerabilities (USN-6529-1)
The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6529-1 advisory. It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were...
SUSE CVE-2023-49092
RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...
AZL-32048 CVE-2023-5981 affecting package gnutls for versions less than 3.7.11-1
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
Debian: Security Advisory (DLA-3660-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3660-1] gnutls28 security update
Debian LTS Advisory DLA-3660-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 22, 2023 https://wiki.debian.org/LTS Package : gnutls28 Version : 3.6.7-4+deb10u11 CVE ID : CVE-2023-5981 Debian Bug : 1056188 A vulnerability was found in GnuTLS, a secure...
CVE-2023-20902 Timing attack risk in Harbor
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information...
CVE-2023-20902 Timing attack risk in Harbor
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information...
Timing Attack
generator-jhipster is vulnerable to a Timing Attack. The vulnerability exists because the TokenProvider.java uses String.equalsstr to compare the given token-signature. This comparison method does not effectively validate the token because it stops as soon as it encounters the first character tha...
GHSA-4GPM-R23H-GPRW generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...
CVE-2015-20110
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...
Design/Logic Flaw
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...
CVE-2015-20110
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...
PT-2023-10311 · Jhipster · Generator-Jhipster
Name of the Vulnerable Software and Affected Versions: JHipster generator-jhipster versions prior to 2.23.0 Description: The issue allows for a timing attack against the validateToken function due to a string comparison that stops at the first different character. This enables attackers to guess...
CVE-2015-20110
Summary : CVE-2015-20110 affects the JHipster generator-jhipster before 2.23.0. The root cause is a token validation routine that compares strings using a short-circuiting comparison, leaking timing information. This allows attackers to brute-force tokens one character at a time by observing resp...
JHipster Security Vulnerabilities
JHipster is an open source application generator that focuses on developing web applications and microservices using Angular or React and Spring Framework. A security vulnerability exists in JHipster Generator-jhipster version prior to 2.23.0, which stems from a timing attack allowed on...
CVE-2015-20110
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...
CVE-2023-46656
CVE-2023-46656 affects Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier. The root cause is a non-constant time comparison when verifying the webhook token, which can enable attackers to use statistical methods to determine a valid token. Public references (including Red ...
UBUNTU-CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...