715 matches found
Timing Attacks
neo4j-security is vulnerable to timing attacks. This vulnerability is caused because the credential hashes are not compared in constant time, allowing malicious users to guess valid hashes based on the time that a comparison takes...
Timing Attacks
kohana/core is vulnerable to timing attacks. The library is vulnerable because it does not compare hashes in constant-time, which allows attackers to use the timing of the request to progressively identify a valid hash...
Design/Logic Flaw
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...
DEBIAN-CVE-2015-3250
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...
UBUNTU-CVE-2015-3250
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...
CVE-2015-3250
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...
DEBIAN-CVE-2017-12872
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...
Timing Attacks
CakePHP is vulnerable to timing attacks. The library does not compare hashes in constant time, which allows malicious users to use the timing of the request to progressively identify a valid hash...
Al-Khaser: A Benign Malware to Test Your Anti Malware
PenTestIT RSS Feed: There is an idiom - use a thorn to remove a thorn. Tools like Al-Khaser cement this idiom. It is an open source, benign malware to test how good your anti-malware or local security product is. It allows you to do so by implementing commonly used tactics used by actual malwares a...
Code injection
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks...
CVE-2017-3156
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks...
CVE-2017-6754
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the...
Timing Attacks
Malcolm Fell jwt is vulnerable to timing attacks. The library does not compare hashes in constant time, which allows malicious users to use the timing of the request to progressively identify a valid hash...
Yelp: Firefly's verify_access_token() function does a byte-by-byte comparison of HMAC values.
Dear Yelp bug bounty team, Summary --- Firefly is vulnerable to timing attacks, because the verify_access_token function performs a byte-by-byte comparison, which terminates early when two characters do not match. Timing attacks are a type of side channel attack where one can discover valuable...
Debian Security Advisory DSA 3883-1 (rt-authen-externalauth - security update)
It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI database mode is vulnerable. OpenVAS Vulnerability Test $Id: deb3883.nasl 6682 2017-07-12 09:00:18Z...
Debian Security Advisory DSA 3882-1 (request-tracker4 - security update)
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-6127 It was discovered that Request Tracker is vulnerable to a cross-site scripting (XSS) atta...
Unspecified Vulnerability in Jasypt
Jasypt is a Java library with encryption features, developed by the Jasypt team. It is based on standard cryptography and supports one-way or two-way encryption of passwords, text, numbers, binary files and so on. A security vulnerability exists in versions of Jasypt prior to 1.9.2. An attacker can...
Timing Attacks
github.com/go-gitea/gitea is vulnerable to timing attacks. This vulnerability is caused because the passwords are not compared in constant time, allowing malicious users to guess the valid passwords based on the time that a comparison takes...
Timing Attacks
github.com/centrifugal/centrifugo is vulnerable to timing attacks. This vulnerability is caused because the credentials are not compared in constant time, allowing malicious users to guess the valid credentials based on the time that a comparison takes...