VYPR

CWE-208

Observable Timing Discrepancy

BaseIncomplete

Description

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-462 · CAPEC-541 · CAPEC-580

CVEs mapped to this weakness (121)

page 3 of 7
  • CVE-2026-33006MedMay 4, 2026
    risk 0.24cvss 4.8epss 0.01

    A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

  • CVE-2026-22746LowApr 22, 2026
    risk 0.24cvss 3.7epss 0.00

    Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users…

  • CVE-2026-26717MedFeb 25, 2026
    risk 0.24cvss 4.8epss 0.00

    An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass…

  • CVE-2026-5419LowJun 1, 2026
    risk 0.17cvss 3.7epss 0.00

    A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This…

  • CVE-2026-43514LowMay 12, 2026
    risk 0.17cvss 3.7epss 0.00

    Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.…

  • CVE-2026-41263LowApr 30, 2026
    risk 0.17cvss 3.7epss 0.00

    Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The…

  • CVE-2026-41407LowApr 28, 2026
    risk 0.17cvss 3.7epss 0.00

    OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening…

  • CVE-2026-40263LowApr 17, 2026
    risk 0.17cvss 3.7epss 0.00

    Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated…

  • CVE-2026-33877LowApr 15, 2026
    risk 0.17cvss 3.7epss 0.00

    ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint (/api/v1/@apostrophecms/login/reset-request) that allows unauthenticated username and email enumeration. When a…

  • CVE-2026-40194LowApr 10, 2026
    risk 0.17cvss 3.7epss 0.00

    phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings…

  • CVE-2026-39321LowApr 7, 2026
    risk 0.17cvss 3.7epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.6 and 8.6.74, he login endpoint response time differs measurably depending on whether the submitted username or email exists in the database. When a user…

  • CVE-2025-8774LowAug 9, 2025
    risk 0.16cvss 2.5epss 0.00

    A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required…

  • CVE-2024-40640LowJul 17, 2024
    risk 0.12cvss 2.9epss 0.00

    vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an…

  • CVE-2026-48166Jun 22, 2026
    risk 0.00cvss epss 0.00

    Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to…

  • CVE-2026-47380lowJun 5, 2026
    risk 0.00cvss epss 0.00

    ### Summary Sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. ### Details The unknown-user branch in `auth.service.ts` now performs a `bcrypt.compare` against a…

  • CVE-2026-32595Mar 20, 2026
    risk 0.00cvss epss 0.00

    Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt…

  • CVE-2026-33129Mar 20, 2026
    risk 0.00cvss epss 0.00

    H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison (!==). This allows an attacker to deduce the valid password character-by-character…

  • CVE-2026-28475Mar 5, 2026
    risk 0.00cvss epss 0.00

    OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple…

  • CVE-2026-28464Mar 5, 2026
    risk 0.00cvss epss 0.00

    OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple…

  • CVE-2026-23901Feb 10, 2026
    risk 0.00cvss epss 0.00

    Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users…