CVE-2024-45192

An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-45191

An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...

open-telemetry has an Observable Timing Discrepancy

Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...

GHSA-RFXF-MF63-CPQV open-telemetry has an Observable Timing Discrepancy

Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. Details...

Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse

New research shows how known techniques for finding weaknesses in websites are actually practical in uncovering vulnerabilities, for better or worse...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2048)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : python-cryptography (EulerOS-SA-2024-2048)

According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2008)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : python-cryptography (EulerOS-SA-2024-1990)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing ...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

Sensitive Information Disclosure

TYPO3/flow is vulnerable to information disclosure. The vulnerability is due to timing attacks revealing account existence because password hashing was only performed if an account was found...

CVE-2024-39894

A flaw was found in OpenSSH. A logic error in the SSH ObscureKeystrokeTiming feature on by default rendered this feature ineffective. A passive observer could still detect which network packets contained real keystrokes when the countermeasure was active because fake and real keystroke packets we...

CVE-2024-39894

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...

CVE-2024-39894

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...

OpenSSH Security Vulnerabilities

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers from the Canadian OpenBSD Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection...

CVE-2024-39894

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...

CVE-2024-39894

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...

CVE-2024-39894

OpenSSH CVE-2024-39894 affects OpenSSH 9.5–9.7 (before 9.8). A logic error in the ObscureKeystrokeTiming feature can enable timing attacks on keystroke entry (e.g., echo-off password input for su and sudo) and potentially reveal keystrokes. Mitigation per linked advisories is to upgrade to OpenSS...

PT-2024-6687 · Openssh +7 · Openssh +7

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 9.5 through 9.7 Description: The issue is related to a logic error in the ObscureKeystrokeTiming function, which can lead to timing attacks against echo-off password entry, such as those used for su and Sudo. This could...

Time-Based Information Disclosure Vulnerability in Flow

The PersistedUsernamePasswordProvider was prone to a information disclosure of account existance based on timing attacks as the hashing of passwords was only done in case an account was found. We changed the core so that the provider always does a password comparison in case credentials were...