188 matches found
Siemens SCALANCE X-200RNA Switch Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2003-1562)
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...
CVE-2024-47178
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...
keycloak: potential bypass of brute force protection
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...
SSH Username Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...
CVE-2024-42368
A vulnerability was found in OpenTelemetry, specifically in the github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension. This flaw impacts anyone using the bearertokenauth server authenticator. Malicious clients with network access to the collector may perform...
CVE-2024-42368
OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...
CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy
OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...
CVE-2024-42368
The CVE-2024-42368 issue affects the bearertokenauth server authenticator in OpenTelemetry Collector contributions. A timing-discrepancy arises from non-constant time string comparisons of bearer tokens, enabling a network-adjacent attacker to infer the configured token by measuring response time...
CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy
OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...
PT-2024-29902
Name of the Vulnerable Software and Affected Versions OpenTelemetry versions prior to 0.107.0 Description OpenTelemetry is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data. The bearertokenauth extension's server...
Security Bulletin: Timing Oracle in GSKit.
Summary A timing based side channel exists in the RSA Decryption implementation used by GSKit builds prior to 8.0.55.31. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RS...
CVE-2024-41828
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time...
CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
The vulnerability of the RSA BSAFE Micro Edition Suite and BSAFE Crypto-C Micro Edition security tools lies in the fact that manipulating an unknown input can lead to a timing mismatch vulnerability, allowing attackers to disclose protected information.
The vulnerability of the RSA BSAFE Micro Edition Suite and BSAFE Crypto-C Micro Edition software lies in the manipulation of an unknown input, leading to a time mismatch vulnerability. Exploiting this vulnerability could allow an attacker to disclose the protected information...
CVE-2021-47252
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARNON timing related checks The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actually transmitted by the worker. But WARNON must ...
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...
GHSA-3494-CFWF-56HW mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...
opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...