VYPR

CWE-1255

Comparison Logic is Vulnerable to Power Side-Channel Attacks

VariantDraft

Description

A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-189

CVEs mapped to this weakness (3)

  • CVE-2015-9240HigMay 29, 2018
    risk 0.49cvss 7.5epss 0.01

    Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.

  • CVE-2024-39920MedJul 3, 2024
    risk 0.28cvss 4.3epss 0.01

    The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled…

  • CVE-2025-3301LowApr 29, 2025
    risk 0.07cvss epss 0.00

    DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The…