CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-QC79-WMWR-7FJH
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
{
"affected": [],
"aliases": [
"CVE-2021-24117"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-14T14:15:00Z",
"severity": "MODERATE"
},
"details": "In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.",
"id": "GHSA-qc79-wmwr-7fjh",
"modified": "2022-05-24T19:07:59Z",
"published": "2022-05-24T19:07:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24117"
},
{
"type": "WEB",
"url": "https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a"
},
{
"type": "WEB",
"url": "https://docs.rs/crate/sgx_tstd/1.1.1"
},
{
"type": "WEB",
"url": "https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCCG-WVF8-RVFQ
Vulnerability from github – Published: 2023-10-30 18:30 – Updated: 2023-11-07 03:30In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2022-20264"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-30T17:15:47Z",
"severity": "MODERATE"
},
"details": "In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-qccg-wvf8-rvfq",
"modified": "2023-11-07T03:30:25Z",
"published": "2023-10-30T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20264"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCGX-7P5F-HXVR
Vulnerability from github – Published: 2022-03-29 22:11 – Updated: 2022-03-29 22:11Description
It was possible to confirm a single character of a user's password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of the REST API. Many requests could eventually uncover the entire hash.
The hash would not be in the response, however the presence or absence of a result would confirm if the character was in the right position. It would take a long time since the API has throttling enabled by default.
Additionally, the REST API would need to be enabled, as well as the users endpoint. Both of which are disabled by default.
Resolution
Filtering by password or password hash has been disabled.
Credits
We would like to thank Thibaud Kehler for reporting the issue.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "statamic/cms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.39"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "statamic/cms"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24784"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203",
"CWE-326"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-29T22:11:45Z",
"nvd_published_at": "2022-03-25T22:15:00Z",
"severity": "LOW"
},
"details": "## Description\n\nIt was possible to confirm a single character of a user\u0027s password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of the REST API. Many requests could eventually uncover the entire hash.\n\nThe hash would not be in the response, however the presence or absence of a result would confirm if the character was in the right position. It would take a long time since the API has throttling enabled by default.\n\nAdditionally, the REST API would need to be enabled, as well as the users endpoint. Both of which are disabled by default.\n\n## Resolution\n\nFiltering by password or password hash has been disabled.\n\n## Credits\n\nWe would like to thank Thibaud Kehler for reporting the issue.",
"id": "GHSA-qcgx-7p5f-hxvr",
"modified": "2022-03-29T22:11:45Z",
"published": "2022-03-29T22:11:45Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/statamic/cms/security/advisories/GHSA-qcgx-7p5f-hxvr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24784"
},
{
"type": "WEB",
"url": "https://github.com/statamic/cms/issues/5604"
},
{
"type": "WEB",
"url": "https://github.com/statamic/cms/pull/5568"
},
{
"type": "PACKAGE",
"url": "https://github.com/statamic/cms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Discoverability of user password hash in Statamic CMS"
}
GHSA-QF78-7RGR-8JF5
Vulnerability from github – Published: 2023-01-01 18:30 – Updated: 2023-01-09 18:30A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. Upgrading to version 0.8.4rc2 is able to address this issue. The name of the patch is cdb3441b5cd2c1bae49fae671dc4a496f7c96322. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217171.
{
"affected": [],
"aliases": [
"CVE-2013-10006"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-01T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. Upgrading to version 0.8.4rc2 is able to address this issue. The name of the patch is cdb3441b5cd2c1bae49fae671dc4a496f7c96322. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217171.",
"id": "GHSA-qf78-7rgr-8jf5",
"modified": "2023-01-09T18:30:18Z",
"published": "2023-01-01T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-10006"
},
{
"type": "WEB",
"url": "https://github.com/Ziftr/primecoin/commit/cdb3441b5cd2c1bae49fae671dc4a496f7c96322"
},
{
"type": "WEB",
"url": "https://github.com/Ziftr/primecoin/releases/tag/v0.8.4rc2"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.217171"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.217171"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QG7X-GX2G-8RJP
Vulnerability from github – Published: 2022-08-13 00:00 – Updated: 2022-08-16 00:00In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694094
{
"affected": [],
"aliases": [
"CVE-2022-20309"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-12T15:15:00Z",
"severity": "LOW"
},
"details": "In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194694094",
"id": "GHSA-qg7x-gx2g-8rjp",
"modified": "2022-08-16T00:00:23Z",
"published": "2022-08-13T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20309"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QGHG-5FPH-Q28C
Vulnerability from github – Published: 2024-01-31 06:30 – Updated: 2024-04-25 18:30A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
{
"affected": [],
"aliases": [
"CVE-2024-0914"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-385"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-31T05:15:08Z",
"severity": "MODERATE"
},
"details": "A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.",
"id": "GHSA-qghg-5fph-q28c",
"modified": "2024-04-25T18:30:38Z",
"published": "2024-01-31T06:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0914"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1239"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1411"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1608"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1856"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1992"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-0914"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260407"
},
{
"type": "WEB",
"url": "https://people.redhat.com/~hkario/marvin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QHP6-8WQM-W5MJ
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2023-06-26 21:30Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions.
{
"affected": [],
"aliases": [
"CVE-2021-32528"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-07T14:15:00Z",
"severity": "MODERATE"
},
"details": "Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers to obtain the system information without permissions.",
"id": "GHSA-qhp6-8wqm-w5mj",
"modified": "2023-06-26T21:30:52Z",
"published": "2022-05-24T19:07:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32528"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-4884-fd4cb-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QHQ4-JF68-CPRF
Vulnerability from github – Published: 2022-08-20 00:00 – Updated: 2024-05-07 18:30Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt.
{
"affected": [],
"aliases": [
"CVE-2022-34623"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-19T14:15:00Z",
"severity": "MODERATE"
},
"details": "Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt.",
"id": "GHSA-qhq4-jf68-cprf",
"modified": "2024-05-07T18:30:32Z",
"published": "2022-08-20T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34623"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/204.html"
},
{
"type": "WEB",
"url": "https://docs.mealie.io/changelog/v0.5.6"
},
{
"type": "WEB",
"url": "https://gainsec.com/2022/08/19/cve-2022-34615-cve-2022-34621-cve-2022-34623-cve-2022-34624"
},
{
"type": "WEB",
"url": "https://hub.docker.com/r/hkotel/mealie"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QHXG-623C-CFJM
Vulnerability from github – Published: 2026-06-05 16:03 – Updated: 2026-06-05 16:03Summary
The shared-view password check fell back to strict-equality (===) comparison for
legacy plaintext passwords, leaking the password's length and per-character prefix
through response timing.
Details
The bcrypt branch (hashes starting with $2a$/$2b$) was unaffected. The legacy
fallback in View.ts now uses crypto.timingSafeEqual and a same-length dummy
compare on the length-mismatch path, so total comparison time is approximately
length-independent. The EE dashboard model's verifyPassword is patched the same way.
Impact
A network-positioned attacker could mount a timing oracle against shared views whose passwords predated the bcrypt migration. Exploitation requires the ability to time shared-view authentication responses but no prior authentication.
Credit
This issue was reported by @Proscan-one.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.05.0"
},
"package": {
"ecosystem": "npm",
"name": "nocodb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.05.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47379"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-05T16:03:33Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nThe shared-view password check fell back to strict-equality (`===`) comparison for\nlegacy plaintext passwords, leaking the password\u0027s length and per-character prefix\nthrough response timing.\n\n### Details\nThe bcrypt branch (hashes starting with `$2a$`/`$2b$`) was unaffected. The legacy\nfallback in `View.ts` now uses `crypto.timingSafeEqual` and a same-length dummy\ncompare on the length-mismatch path, so total comparison time is approximately\nlength-independent. The EE dashboard model\u0027s `verifyPassword` is patched the same way.\n\n### Impact\nA network-positioned attacker could mount a timing oracle against shared views whose\npasswords predated the bcrypt migration. Exploitation requires the ability to time\nshared-view authentication responses but no prior authentication.\n\n### Credit\nThis issue was reported by [@Proscan-one](https://github.com/Proscan-one).",
"id": "GHSA-qhxg-623c-cfjm",
"modified": "2026-06-05T16:03:33Z",
"published": "2026-06-05T16:03:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-qhxg-623c-cfjm"
},
{
"type": "PACKAGE",
"url": "https://github.com/nocodb/nocodb"
},
{
"type": "WEB",
"url": "https://github.com/nocodb/nocodb/releases/tag/2026.05.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "NocoDB: Plaintext Password Comparison in Shared Views"
}
GHSA-QJRQ-HM79-49WW
Vulnerability from github – Published: 2023-05-22 19:47 – Updated: 2023-05-30 06:42Timing attacks occur when an attacker can guess a secret by observing a difference in processing time for valid and invalid inputs. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparision function. More information on this attack type can be found in this blog post.
Root Cause Analysis
In this case, the vulnerability occurs due to the following code.
https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46-L46
Here, a untrusted input, sourced from a HTTP header, is compared directly with a secret. Since, this comparision is not secure, an attacker can mount a side-channel timing attack to guess the password.
Remediation
This can be easily fixed using a constant time comparing function such as crypto/subtle's ConstantTimeCompare.
An example fix can be found in https://github.com/runatlantis/atlantis/commit/48870911974adddaa4c99c8089e79b7d787fa820 Alternatively, one can apply the patch below
From d18cff85e1a565f688f717fd8f2cacea62ff9dbf Mon Sep 17 00:00:00 2001
From: Porcupiney Hairs <porcupiney.hairs@protonmail.com>
Date: Sun, 7 May 2023 01:03:33 +0530
Subject: [PATCH] Fix : Timing attack
---
auth.go | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/auth.go b/auth.go
index 1be96e9..be13f23 100644
--- a/auth.go
+++ b/auth.go
@@ -2,6 +2,7 @@ package gost
import (
"bufio"
+ "crypto/subtle"
"io"
"strings"
"sync"
@@ -43,7 +44,8 @@ func (au *LocalAuthenticator) Authenticate(user, password string) bool {
}
v, ok := au.kvs[user]
- return ok && (v == "" || password == v)
+ passOk := subtle.ConstantTimeCompare([]byte(password), []byte(v)) == 0
+ return ok && (v == "" || passOk)
}
// Add adds a key-value pair to the Authenticator.
--
2.25.1
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ginuerzh/gost"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.11.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-32691"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-22T19:47:15Z",
"nvd_published_at": "2023-05-30T04:15:09Z",
"severity": "MODERATE"
},
"details": "[Timing attacks](https://en.wikipedia.org/wiki/Timing_attack) occur when an attacker can guess a secret by observing a difference in processing time for valid and invalid inputs. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparision function.\nMore information on this attack type can be found in [this blog post](https://verboselogging.com/2012/08/20/a-timing-attack-in-action). \n\n# Root Cause Analysis\n\nIn this case, the vulnerability occurs due to the following code.\n\nhttps://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46-L46\n\nHere, a untrusted input, sourced from a HTTP header, is compared directly with a secret. \nSince, this comparision is not secure, an attacker can mount a side-channel timing attack to guess the password.\n\n# Remediation\n\nThis can be easily fixed using a constant time comparing function such as `crypto/subtle`\u0027s `ConstantTimeCompare`. \nAn example fix can be found in https://github.com/runatlantis/atlantis/commit/48870911974adddaa4c99c8089e79b7d787fa820 Alternatively, one can apply the patch below\n\n```\nFrom d18cff85e1a565f688f717fd8f2cacea62ff9dbf Mon Sep 17 00:00:00 2001\nFrom: Porcupiney Hairs \u003cporcupiney.hairs@protonmail.com\u003e\nDate: Sun, 7 May 2023 01:03:33 +0530\nSubject: [PATCH] Fix : Timing attack\n\n---\n auth.go | 4 +++-\n 1 file changed, 3 insertions(+), 1 deletion(-)\n\ndiff --git a/auth.go b/auth.go\nindex 1be96e9..be13f23 100644\n--- a/auth.go\n+++ b/auth.go\n@@ -2,6 +2,7 @@ package gost\n \n import (\n \t\"bufio\"\n+\t\"crypto/subtle\"\n \t\"io\"\n \t\"strings\"\n \t\"sync\"\n@@ -43,7 +44,8 @@ func (au *LocalAuthenticator) Authenticate(user, password string) bool {\n \t}\n \n \tv, ok := au.kvs[user]\n-\treturn ok \u0026\u0026 (v == \"\" || password == v)\n+\tpassOk := subtle.ConstantTimeCompare([]byte(password), []byte(v)) == 0\n+\treturn ok \u0026\u0026 (v == \"\" || passOk)\n }\n \n // Add adds a key-value pair to the Authenticator.\n-- \n2.25.1\n\n```",
"id": "GHSA-qjrq-hm79-49ww",
"modified": "2023-05-30T06:42:29Z",
"published": "2023-05-22T19:47:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ginuerzh/gost/security/advisories/GHSA-qjrq-hm79-49ww"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32691"
},
{
"type": "PACKAGE",
"url": "https://github.com/ginuerzh/gost"
},
{
"type": "WEB",
"url": "https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "ginuerzh/gost vulnerable to Timing Attack"
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.