CVE-2025-48995

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

DEBIAN-CVE-2025-48995

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

CVE-2025-48995

CVE-2025-48995 affects SignXML (Python implementation of W3C XML Signature) prior to 4.0.4. When verify() is called with require_x509=False and an HMAC secret (hmac_key=...), the timing-based vulnerability may leak information about the correct HMAC during the comparison, enabling reconstruction ...

CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

SignXML 安全漏洞

SignXML is an open source XML signing and XAdES library for Python from XML-Security. A security vulnerability exists in SignXML versions prior to 4.0.4, which stems from a timing attack flaw that could lead to HMAC key disclosure...

PT-2025-23540 · Signxml · Signxml

Name of the Vulnerable Software and Affected Versions: SignXML versions prior to 4.0.4 Description: The issue concerns a potential timing attack when verifying signatures with X509 certificate validation turned off and HMAC shared secret set. This could allow users to reconstruct the correct HMAC...

Timing Attack

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Timing Attack due to the PageAttention mechanism. An attacker can observe timing differences to infer details about the processed data by analyzing...

CVE-2024-47057

SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack due to differences in response times for existing and non-existing users in the password reset functionality. An attacker can determine the existence of usernames by observing the time it takes for the server to respond...

GHSA-424X-CXVH-WQ9P Mautic allows user name enumeration due to response time difference on password reset form

Summary This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...

CVE-2024-47057 User name enumeration possible due to response time difference on password reset form

SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...

CVE-2024-47057

CVE-2024-47057 describes a timing-based user enumeration vulnerability in Mautic’s “Forget your password” flow. Unauthenticated actors can distinguish existing vs. non-existing usernames by response time differences, due to lacking rate limiting, enabling username discovery. Impact is user enumer...

CVE-2024-47057 User name enumeration possible due to response time difference on password reset form

SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...

PT-2025-23116 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic affected versions not specified Description: A security issue exists in the "Forget your password" functionality of Mautic, allowing unauthenticated users to enumerate valid usernames through a timing-based attack. This is due to...

CVE-2024-47869

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...

CVE-2024-22893

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack...

CVE-2024-30257

1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...

CVE-2024-1729

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.authusername == password to validate user credentials, which can be exploited to guess password...