VYPR

CWE-208

Observable Timing Discrepancy

Base · Incomplete

Description

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.


Related attack patterns (CAPEC)

CAPEC-462 · CAPEC-541 · CAPEC-580

CVEs mapped to this weakness (121)

  • CVE-2016-7036 · Critical · Jan 23, 2017
    risk 0.57 · cvss 9.8 · epss 0.02

    python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

  • CVE-2026-41588 · Critical · May 8, 2026
    risk 0.52 · cvss 9.0 · epss 0.00

    RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.

  • CVE-2026-40972 · High · Apr 28, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving…

  • CVE-2026-5086 · High · Apr 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret password.

  • CVE-2025-70949 · High · Mar 5, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel.

  • CVE-2023-50781 · High · Feb 5, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

  • CVE-2025-53940 · High · Jul 24, 2025
    risk 0.48 · cvss · epss 0.03

    Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In versions 6.1.0-alpha.4 and below, Quiet's API for backend/frontend communication was using an insecure, not constant-time…

  • CVE-2026-47784 · High · May 20, 2026
    risk 0.46 · cvss 8.1 · epss 0.01

    In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

  • CVE-2026-47783 · High · May 20, 2026
    risk 0.46 · cvss 8.1 · epss 0.01

    In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

  • CVE-2026-42602 · High · May 13, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate…

  • CVE-2026-47373 · High · May 20, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Crypt::SaltedHash versions through 0.09 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash.

  • CVE-2025-20067 · Medium · Aug 12, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2026-54411 · Medium · Jun 14, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling…

  • CVE-2017-20240 · Medium · Jun 12, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.

  • CVE-2026-44368 · Medium · May 13, 2026
    risk 0.38 · cvss · epss 0.00

    PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can…

  • CVE-2025-7383 · Medium · Aug 29, 2025
    risk 0.38 · cvss · epss 0.00

    Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

  • CVE-2025-7071 · Medium · Aug 29, 2025
    risk 0.38 · cvss · epss 0.00

    Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

  • CVE-2025-48995 · Medium · Jun 2, 2025
    risk 0.38 · cvss · epss 0.00

    SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...`), versions of SignXML prior to 4.0.4 are…

  • CVE-2025-29780 · Medium · Mar 14, 2025
    risk 0.38 · cvss · epss 0.00

    Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matrix operations,…

  • CVE-2024-31074 · Medium · Nov 13, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.