CWE-203
Observable Discrepancy
Description
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-189
CVEs mapped to this weakness (224)
Page 8 of 12

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-39522 | 0.00 | — | 0.01 | Aug 29, 2023 | goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a… |
| CVE-2023-40343 | 0.00 | — | 0.00 | Aug 16, 2023 | Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. |
| CVE-2023-3462 | 0.00 | — | 0.01 | Jul 31, 2023 | HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This… |
| CVE-2023-32691 | 0.00 | — | 0.01 | May 30, 2023 | gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this… |
| CVE-2023-26557 | 0.00 | — | 0.01 | Apr 21, 2023 | io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go.… |
| CVE-2023-26556 | 0.00 | — | 0.01 | Apr 21, 2023 | io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go.… |
| CVE-2023-25000 | 0.00 | — | 0.00 | Mar 30, 2023 | HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the… |
| CVE-2022-41354 | 0.00 | — | 0.01 | Mar 27, 2023 | An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. |
| CVE-2023-1540 | 0.00 | — | 0.01 | Mar 21, 2023 | Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. |
| CVE-2023-1538 | 0.00 | — | 0.01 | Mar 21, 2023 | Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. |
| CVE-2021-46876 | 0.00 | — | 0.01 | Mar 12, 2023 | An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence. |
| CVE-2023-25806 | 0.00 | — | 0.00 | Mar 2, 2023 | OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls… |
| CVE-2022-39228 | 0.00 | — | 0.01 | Mar 1, 2023 | vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a… |
| CVE-2022-4304 | 0.00 | — | 0.16 | Feb 8, 2023 | A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of… |
| CVE-2010-10006 | 0.00 | — | 0.01 | Jan 17, 2023 | A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an… |
| CVE-2022-3143 | 0.00 | — | 0.01 | Jan 11, 2023 | wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use… |
| CVE-2016-15015 | 0.00 | — | 0.01 | Jan 8, 2023 | A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather… |
| CVE-2021-4294 | 0.00 | — | 0.01 | Dec 28, 2022 | A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is… |
| CVE-2021-4286 | 0.00 | — | 0.01 | Dec 27, 2022 | A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to… |
| CVE-2022-44381 | 0.00 | — | 0.01 | Dec 25, 2022 | Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. |