3235 matches found
Timing Attack
Overview github.com/traefik/traefik/v2/pkg/middlewares/auth is a Cloud Native Application Proxy. Affected versions of this package are vulnerable to Timing Attack via the BasicAuth middleware. An attacker can enumerate valid usernames by measuring the response time differences when submitting...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth middleware. An attacker can enumerate valid usernames by measuring the response time differences when submitting authentication requests. Remediation Upgrade...
SUSE-SU-2026:20769-1 Security update for ovmf
This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...
CVE-2026-32595
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...
CVE-2026-32595
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...
CVE-2026-32595 Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...
CVE-2026-32595 Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...
CVE-2026-32595
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...
CVE-2026-32595
Traefik vulnerability CVE-2026-32595 affects the BasicAuth middleware in multiple releases. When a submitted username exists, a bcrypt comparison runs ~166 ms; if the username does not exist, the response is ~0.6 ms. This timing difference enables an unauthenticated attacker to distinguish valid ...
CVE-2026-32595 Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...
Timing Attack
Overview phpseclib/phpseclib is a PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. Affected versions of this package are vulnerable to Timing Attack via the AES algorithm in CBC mode. An attacker can recover sensitive information by exploiting timin...
UBUNTU-CVE-2026-32935
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...
DEBIAN-CVE-2026-32935
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...
CVE-2026-32935
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...
CVE-2026-32935
CVE-2026-32935 affects phpseclib with AES-CBC padding oracle timing vulnerability. Affected versions: 1.0.26 and below; 2.0.0–2.0.51; 3.0.0–3.0.49. Root cause: short-circuiting in the unpadding function enables timing leakage. Impact per sources: potential confidentiality impact (C) with high lik...
CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...
CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...
CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
phpseclib is a PHP secure communications library. Projects using versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...
CVE-2026-32935
phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a to padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...
PT-2026-26602
Name of the Vulnerable Software and Affected Versions Traefik versions 2.11.40 and below Traefik versions 3.0.0-beta1 through 3.6.11 Traefik version 3.7.0-ea.1 Description Traefik’s BasicAuth middleware has a flaw that allows an unauthenticated attacker to enumerate valid usernames through a timi...