
CWE-208

Observable Timing Discrepancy

Base · Incomplete

Description

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.

Related attack patterns (CAPEC)

CAPEC-462 · CAPEC-541 · CAPEC-580

CVEs mapped to this weakness (121)

  • CVE-2024-2467 · Med · Apr 25, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial…

  • CVE-2024-3296 · Med · Apr 4, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages…

  • CVE-2025-52457 · Med · Nov 18, 2025
    risk 0.37 · cvss 5.7 · epss 0.00

    Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a…

  • CVE-2025-59432 · Med · Sep 22, 2025
    risk 0.36 · cvss · epss 0.01

    SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises…

  • CVE-2024-42368 · Med · Aug 13, 2024
    risk 0.35 · cvss 6.5 · epss 0.01

    OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple,…

  • CVE-2026-41161 · Med · May 8, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the…

  • CVE-2025-22234 · Med · Jan 22, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations.

  • CVE-2025-0693 · Med · Jan 23, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.

  • CVE-2026-44061 · Med · May 21, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.

  • CVE-2026-41244 · Med · Apr 24, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator (!==) to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing…

  • CVE-2026-21713 · Med · Mar 30, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are…

  • CVE-2026-32935 · Med · Mar 20, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and…

  • CVE-2025-59058 · Med · Sep 12, 2025
    risk 0.31 · cvss 5.9 · epss 0.00

    httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a…

  • CVE-2016-10535 · Med · May 31, 2018
    risk 0.31 · cvss 5.9 · epss 0.01

    csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail-first string comparison, instead of a time constant string comparison. This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead…

  • CVE-2025-9031 · Med · Sep 24, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.

  • CVE-2026-48859 · Med · Jun 10, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user_passwords or password option,…

  • CVE-2026-45410 · Med · May 28, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    TREK is a collaborative travel planner. Prior to 3.0.18, early return on missing user during login flow allowed an attacker to enumerate valid user accounts via response timing discrepancy. When an email address existed in the database, the backend performed a bcrypt password…

  • CVE-2026-41418 · Med · Apr 24, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    4ga Boards is a boards system for realtime project management. Prior to 3.3.5, 4ga Boards is vulnerable to user enumeration via a timing side-channel in the login endpoint (POST /api/access-tokens). When an invalid username/email is provided, the server responds immediately…

  • CVE-2026-5091 · Med · May 21, 2026
    risk 0.26 · cvss 5.1 · epss 0.00

    Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password.

  • CVE-2026-48011 · Low · Jun 10, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue.