
715 matches found

Cvelist
added 2018/06/11 9:0 p.m. · 21 views

CVE-2016-9077

Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox 50...

7.5 AI score · 0.0077 EPSS
Exploits 0 · References 4
Hacker One
added 2018/06/09 8:51 a.m. · 20 views

Monero: Constant-time comparison is not always implemented; critical areas are vulnerable to key-timing attacks

In my most superficial of reviews, constant-time comparison appears to not be globally implemented at a glance, only implemented within the ref10 implementation. With that said, the following areas either appear to be vulnerable, or are potentially vulnerable, to key-timing attacks: 1. Containers...

2.1 AI score
Exploits 0
Veracode
added 2018/05/28 5:46 a.m. · 7 views

Timing Attack

Oak Core is vulnerable to timing attacks. Different responses are given for existing and non-existing user names from the server, allowing attackers to focus on guessing passwords for existing accounts...

6.7 AI score
Exploits 0
RedhatCVE
added 2018/04/17 4:20 a.m. · 42 views

CVE-2018-0737

OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key...

5.9 CVSS · 4.5 AI score · 0.12046 EPSS
Exploits 0 · References 2
CNVD
added 2018/04/11 12:0 a.m. · 2 views

Google Chrome Denial of Service Vulnerability (CNVD-2018-08819)

Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in versions prior to Google Chrome 65.0.3325.146. An attacker can exploit this vulnerability to conduct timing attacks, execute code, or cause a denial of service application crash...

6.5 CVSS · 8.5 AI score · 0.01523 EPSS
Exploits 0 · References 1
OSV
added 2018/03/12 3:29 p.m. · 20 views

CVE-2017-2585

Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks...

5.9 CVSS · 6 AI score
Exploits 0 · References 6
Prion
added 2018/03/12 3:29 p.m. · 25 views

Design/Logic Flaw

Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks...

4.3 CVSS · 6.5 AI score · 0.02053 EPSS
Exploits 0 · References 6 · Affected Software 2
NVD
added 2018/03/12 3:29 p.m. · 22 views

CVE-2017-2585

Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks...

5.9 CVSS · 5.7 AI score · 0.02053 EPSS
Exploits 0 · References 6
Cvelist
added 2018/03/12 3:0 p.m. · 24 views

CVE-2017-2585

Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks...

6.2 AI score · 0.02053 EPSS
Exploits 0 · References 6
CVE
added 2018/03/12 3:0 p.m. · 113 views

CVE-2017-2585

CVE-2017-2585 affects Red Hat Keycloak before version 2.5.1, where JWS token HMAC verification is implemented in non-constant time, potentially enabling timing attacks. Documents across OSV/GHSA/NVD reiterate this exact flaw for Keycloak; no explicit exploit details or affected version ranges bey...

5.9 CVSS · 5.8 AI score · 0.02053 EPSS
Exploits 0 · References 6 · Affected Software 1
Wallarm Lab
added 2018/02/09 4:57 p.m. · 35 views

What You Should Know About Side-Channel Attacks, Like Meltdown

“The light is on in their window. They must be home.” This is a classic example of a side information channel. They didn’t TELL you they were home. But the side effect of them being home in the evening is the light in the window — which is how you’re pretty sure they are home even though this...

6.7 AI score
Exploits 0
Veracode
added 2018/02/05 2:15 a.m. · 20 views

Timing Attacks

django-anymail is vulnerable to timing attacks. The WEBHOOKAUTHORIZATION shared secret can be obtained because it is not compared in constant time. This allows an attacker to decipher the secret by using the time a call takes to return...

9.1 CVSS · 8.8 AI score · 0.02659 EPSS
Exploits 0 · References 7 · Affected Software 1
Kitploit
added 2018/01/25 9:13 p.m. · 142 views

Al-Khaser v0.72 - Public malware techniques used in the wild (Virtual Machine, Emulation, Debuggers, Sandbox detection)

al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. Features Anti-debugging attacks IsDebuggerPresent CheckRemoteDebuggerPresent Process...

7.4 AI score
Exploits 0 · References 4
Tenable Nessus
added 2018/01/11 12:0 a.m. · 12 views

Fedora 26 : firefox (2018-fb582aabcc)

Update to 57.0.4 - Security fixes to address the Meltdown and Spectre timing attacks - https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ - Require new nss 3.34 fixed 1531031 - Disabled ARM on all Fedoras due to 1523912 Note that Tenable Network Security...

5.5 AI score
Exploits 0 · References 1
Veracode
added 2017/10/19 9:26 a.m. · 13 views

Timing Attacks

woocommerce is vulnerable to timing attacks. The library is vulnerable because it does not compare HMACs in constant time, which allows malicious users to use the timing of the request to progressively identify a valid HMAC hash...

6.6 AI score
Exploits 0
OSV
added 2017/10/12 3:29 p.m. · 13 views

CVE-2017-12849

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks...

5.3 CVSS · 7.1 AI score
Exploits 0 · References 1
Prion
added 2017/10/12 3:29 p.m. · 12 views

Design/Logic Flaw

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks...

5 CVSS · 5.4 AI score · 0.01109 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2017/10/12 3:29 p.m. · 12 views

CVE-2017-12849

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks...

5.3 CVSS · 5.4 AI score · 0.01109 EPSS
Exploits 0 · References 1
Cvelist
added 2017/10/12 3:0 p.m. · 13 views

CVE-2017-12849

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks...

5.4 AI score · 0.01109 EPSS
Exploits 0 · References 1
Positive Technologies
added 2017/10/12 12:0 a.m. · 2 views

PT-2017-12723 · Silverstripe · Silverstripe Cms

Name of the Vulnerable Software and Affected Versions: SilverStripe CMS versions prior to 3.5.5 SilverStripe CMS versions 3.6.x prior to 3.6.1 Description: The issue allows remote attackers to enumerate users via timing attacks due to response discrepancy in the login and password reset forms...

5.3 CVSS · 7.5 AI score · 0.01109 EPSS
Exploits 0 · References 11