CVE-2025-57784

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

CVE-2025-22234

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations. Mitigation Mitigation for thi...

CVE-2026-23892

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

CVE-2026-23892

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

CVE-2026-23892 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

EUVD-2026-4775

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

Timing Attack

Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Timing Attack via the API key authentication function. An attacker can extract valid API keys by measuring response times and inferring key values character by character over the...

PT-2026-5007

Name of the Vulnerable Software and Affected Versions OctoPrint versions up to and including 1.11.5 Description OctoPrint, a web interface for controlling 3D printers, is affected by a timing attack that could allow an attacker with network access to extract API keys. The issue stems from the use...

CVE-2025-57784

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

CVE-2025-57784

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

CVE-2025-57784 Tomahawk authentication timing attack due to usage of 'strcmp'

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

CVE-2025-57784

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

CVE-2025-57784

CVE-2025-57784 refers to a Tomahawk authentication timing attack in the Hiawatha webserver (version 11.7) caused by the use of strcmp in the admin handling path, which could enable a local attacker to access the management client. The Red Hat and CVE records corroborate the issue as a local-timin...

CVE-2025-57784 Tomahawk authentication timing attack due to usage of 'strcmp'

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

PT-2026-4797

Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...

GHSA-VQXH-445G-37FC Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

CVE-2025-22234

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

CVE-2025-22234

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

CVE-2025-22234

CVE-2025-22234 is associated with Spring Security’s timing-attack mitigation in DaoAuthenticationProvider. The described issue states that the fix applied in CVE-2025-22228 accidentally broke the mitigation, enabling an attacker to infer usernames or authentication behavior via response-time diff...