6 matches found
Timing Attack
Overview: org.webjars.npm:h3 is a minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Timing Attack via the requireBasicAuth function. An attacker can recover valid authentication credentials by measuring response times and deducin...
PT-2026-26193
Summary: A timing side-channel vulnerability exists in the requireBasicAuth function due to the use of the unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity...
EUVD-2022-35807
Malicious code in bioql PyPI...
CVE-2024-45052
Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...
CVE-2022-32741
An attacker is able to determine whether the provided username exists and is valid using the Request New Password feature, based on the response time...
Linux Kernel 2.2.x/2.4.x - I/O System Call File Existence
Source: https://www.securityfocus.com/bid/7279/info A weakness has been discovered on various systems that may result in an attacker gaining information pertaining to the existence of inaccessible files. The problem lies in the return times when attempting to access existent and non-existent...