3242 matches found
A vulnerability in the transport-layer cryptographic library GnuTLS, related to differences in response times when processing RSA ciphertext in the ClientKeyExchange message with correct and incorrect PKCS#1 padding, allows an attacker to recover the decryption key for messages.
The vulnerability of the transport-layer cryptographic library GnuTLS is related to differences in response times when processing RSA ciphertext in the ClientKeyExchange message, with both correct and incorrect PKCS#1 padding. Exploiting this vulnerability could allow a malicious...
Timing Attack
Harbor is vulnerable to timing attacks. The vulnerability is due to the comparison of secrets not being performed in constant time. This allows an attacker to decipher response times for cryptographic calculation and secret enumeration, which can result in sensitive information disclosure...
Side Channel Attack
libcryptopp.so is vulnerable to Timing Attack. The vulnerability arises from non-constant time scalar multiplication in ecp.cpp prime field curves with small leakage and algebra.cpp binary field curves with large leakage. This leakage allows an attacker to measure the duration of hundreds to...
GHSA-MQ6F-5XH5-HGCF Harbor timing attack risk
In the Harbor jobservice container, the comparison of secrets in the authenticator type is prone to timing attacks. The vulnerability occurs due to the following code: https://github.com/goharbor/harbor/blob/aaea068cceb4063ab89313d9785f2b40f35b0d63/src/jobservice/api/authenticator.go#L69-L69 To...
Harbor timing attack risk
In the Harbor jobservice container, the comparison of secrets in the authenticator type is prone to timing attacks. The vulnerability occurs due to the following code: https://github.com/goharbor/harbor/blob/aaea068cceb4063ab89313d9785f2b40f35b0d63/src/jobservice/api/authenticator.go#L69-L69 To...
Timing Attack
python is vulnerable to Timing Attack. The vulnerability is caused by a loophole in the hmac.compare_digest function making it deviate from constant time operation. An attacker can mount a timing attack by exploiting the accumulator variable result in the hmac.compare_digest function...
PT-2023-17692 · Harbor · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions 2.6.x and earlier; Harbor versions 2.7.2 and earlier; Harbor versions 2.8.2 and earlier; Harbor versions 1.10.17 and earlier. Description: A timing condition in Harbor allows an attacker with network access to create jobs, stop jo...
USN-6400-1: Python vulnerability
It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information...
USN-6400-1 python2.7, python3.5 vulnerability
It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information...
Ubuntu: Security Advisory (USN-6400-1)
The remote host is missing an update for the...
SUSE CVE-2023-4421
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending a large number of attacker-selected...
Oracle Linux 7 : ovmf (ELSA-2019-2125)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2125 advisory. - Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing atta...
Oracle Linux 7 : openssl (ELSA-2019-2304)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2304 advisory: fix CVE-2018-0734 (DSA signature local timing side channel); fix CVE-2019-1559 (0-byte record padding oracle). Tenable has extracted the preceding...
wildfly-elytron: possible timing attacks via use of unsafe comparator
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...
Timing Attack
python3.9 is vulnerable to Improper Access Control. The vulnerability exists due to a flaw in the way the hmac.compare_digest function in the Lib/hmac.py module compares two message digests. An attacker can exploit this vulnerability to distinguish between different message digests, which could be...
Python race condition vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9.1, which stems from the fact that the compare_digest accumulator...
CVE-2023-40021
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2023-40021
CVE-2023-40021 affects Oppia: timing-attack CSRF token validation using string equality in CsrfTokenManager.is_csrf_token_valid allows an attacker to brute-force the token character-by-character via lure-and-traud site, enabling forged actions in a logged-in user’s session. Impact includes profil...