3242 matches found
Timing Attack
github.com/ginuerzh/gost is vulnerable to Timing Attacks. The vulnerability exists because the Authenticate function of auth.go does not properly compare sensitive secrets such as passwords, tokens and API keys using constant-time comparison, which allows an attacker to guess a secret by observin...
edk2 security update
20220126gitbb1bba3d77-4 - edk2-openssl-update.patch bz2164531 bz2164543 bz2164558 bz2164581 - edk2-rh-openssl-add-crypto-bn-rsasupmul.c-to-file-list.patch bz2164531 bz2164543 bz2164558 bz2164581 - Resolves: bz2164531 CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName...
PT-2023-23965 · Gost · Gost
Name of the Vulnerable Software and Affected Versions: gost GO Simple Tunnel affected versions not specified Description: The issue arises from the comparison of untrusted input, sourced from an HTTP header, with a secret using a non-constant time comparison function. This allows an attacker to...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2023-1960)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...
openssl: timing attack in RSA Decryption implementation
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...
Important: Red Hat Security Advisory: edk2 security update
An update for edk2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 8 : edk2 (RHSA-2023:2932)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2932 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...
ALSA-2023:2932 Important: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); openssl: timing attack in RSA Decryption...
RHEL 9 : edk2 (RHSA-2023:2165)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2165 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...
Important: Red Hat Security Advisory: edk2 security, bug fix, and enhancement update
An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2023:2165 Important: edk2 security, bug fix, and enhancement update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); edk2: integer underflow in SmmEntryPoint function...
SUSE-SU-2023:2047-1 Security update for openssl-ibmca
This update for openssl-ibmca fixes the following issues: - Fixed a timing-based side channel attack in RSA in the IBMCA engine openssl-ibmca...
Timing Attack
laravel/framework is vulnerable to Timing Attacks. The vulnerability exists in the hasValidCredentials function of SessionGuard.php due to the fact that a successful login request takes more time than an unsuccessful request due to HTTP/2 multiplexing, which allows an attacker to enumerate users v...
Timing Attack
github.com/bnb-chain/tss-lib, github.com/iofinnet/thresh and github.com/thorchain/thorchain-tss are vulnerable to Timing Attacks. The vulnerability exists due to leakage of the lambda value of a private key in multiple functions including the functions in paillier.go which allows an attacker to...
Timing Attack
github.com/iofinnet/thresh, github.com/thorchain/thorchain-tss and github.com/bnb-chain/tss-lib are vulnerable to Timing Attacks. The vulnerability exists due to a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic which allows an attack...
PT-2023-36152 · Ibm · Openssl-Ibmca
Name of the Vulnerable Software and Affected Versions: openssl-ibmca affected versions not specified Description: The issue is related to a timing-based side channel attack in RSA within the IBMCA engine of openssl-ibmca. Recommendations: At the moment, there is no information about a newer versi...
Authentication flaw
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...
CVE-2022-40482
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...
PT-2023-13792 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel versions 8.x through 9.x before 9.32.0 Description: The authentication method was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This issue is caused by the early return inside th...
IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...