Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:38810
HistoryJan 10, 2023 - 4:17 a.m.

Timing Attacks

2023-01-1004:17:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
vulnerability
timing attacks
clientsecretmatches
checkclientsecret
constant time
hash comparison
software

0.001 Low

EPSS

Percentile

46.7%

JSON

github.com/openshift/osin is vulnerable to timing attacks. The vulnerability exists because the ClientSecretMatches function in client.go and CheckClientSecret function in util.go does not compare hashes in constant time, allowing an attacker to progressively use the timing of the request to identify a valid hash.

Related

osv 3
cvelist 1
redhatcve 1
cve 1
nvd 1
github 1
prion 1
redhat 3
osv
osv
Timing attack in github.com/openshift/osin
2023-01-03 22:25:20
OpenShift OSIN vulnerable to Observable Timing Discrepancy
2022-12-28 18:30:20
CVE-2021-4294
2022-12-28 17:15:09
cvelist
cvelist
CVE-2021-4294 OpenShift OSIN CheckClientSecret timing discrepancy
2022-12-28 16:51:34
redhatcve
redhatcve
CVE-2021-4294
2022-12-29 04:35:00
cve
cve
CVE-2021-4294
2022-12-28 17:15:09
nvd
nvd
CVE-2021-4294
2022-12-28 17:15:09
github
github
OpenShift OSIN vulnerable to Observable Timing Discrepancy
2022-12-28 18:30:20
prion
prion
Design/Logic Flaw
2022-12-28 17:15:00
redhat
redhat
(RHSA-2024:2047) Important: OpenShift Container Platform 4.13.41 bug fix and security update
2024-05-02 15:07:21
(RHSA-2024:2782) Important: OpenShift Container Platform 4.12.57 security update
2024-05-16 17:58:46
(RHSA-2023:5006) Important: OpenShift Container Platform 4.14.0 bug fix and security update
2023-10-31 12:52:06

0.001 Low

EPSS

Percentile

46.7%

JSON
Related for VERACODE:38810
osv3cvelist1redhatcve1cve1nvd1github1prion1redhat3