Veracode Vulnerability Database: VERACODE:43715
History: Oct 10, 2023 - 8:26 a.m.

Timing Attack

2023-10-10 08:26:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
python
timing attack
vulnerability
hmac
compare_digest
accumulator
constant time

CVSS3: 5.9

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 23.7%

Python is vulnerable to a timing attack. The vulnerability is caused by a flaw in the hmac.compare_digest function that makes it deviate from constant-time operation. An attacker can mount a timing attack by exploiting the accumulator variable result in the hmac.compare_digest function.

CPE Name | Operator | Version
python | le | 3.10.0-a2
python | le | 3.10.0-a2
