VYPR

CWE-203

Observable Discrepancy

BaseIncomplete

Description

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-189

CVEs mapped to this weakness (224)

page 8 of 12
  • CVE-2023-39522Aug 29, 2023
    risk 0.00cvss epss 0.01

    goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a…

  • CVE-2023-40343Aug 16, 2023
    risk 0.00cvss epss 0.00

    Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.

  • CVE-2023-3462Jul 31, 2023
    risk 0.00cvss epss 0.01

    HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This…

  • CVE-2023-32691May 30, 2023
    risk 0.00cvss epss 0.01

    gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this…

  • CVE-2023-26557Apr 21, 2023
    risk 0.00cvss epss 0.01

    io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go.…

  • CVE-2023-26556Apr 21, 2023
    risk 0.00cvss epss 0.01

    io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go.…

  • CVE-2023-25000Mar 30, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the…

  • CVE-2022-41354Mar 27, 2023
    risk 0.00cvss epss 0.01

    An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.

  • CVE-2023-1540Mar 21, 2023
    risk 0.00cvss epss 0.01

    Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.

  • CVE-2023-1538Mar 21, 2023
    risk 0.00cvss epss 0.01

    Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.

  • CVE-2021-46876Mar 12, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.

  • CVE-2023-25806Mar 2, 2023
    risk 0.00cvss epss 0.00

    OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls…

  • CVE-2022-39228Mar 1, 2023
    risk 0.00cvss epss 0.01

    vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a…

  • CVE-2022-4304Feb 8, 2023
    risk 0.00cvss epss 0.16

    A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of…

  • CVE-2010-10006Jan 17, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an…

  • CVE-2022-3143Jan 11, 2023
    risk 0.00cvss epss 0.01

    wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use…

  • CVE-2016-15015Jan 8, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather…

  • CVE-2021-4294Dec 28, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is…

  • CVE-2021-4286Dec 27, 2022
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to…

  • CVE-2022-44381Dec 25, 2022
    risk 0.00cvss epss 0.01

    Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.