CWE-208
AllowedObservable Timing Discrepancy
Abstraction: Base · Status: Incomplete
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
306 vulnerabilities reference this CWE, most recent first.
GHSA-GQ3J-XVXP-8HRF
Vulnerability from github – Published: 2026-02-19 20:15 – Updated: 2026-02-19 20:15Summary
The basicAuth and bearerAuth middlewares previously used a comparison that was not fully timing-safe.
The timingSafeEqual function used normal string equality (===) when comparing hash values. This comparison may stop early if values differ, which can theoretically cause small timing differences.
The implementation has been updated to use a safer comparison method.
Details
The issue was caused by the use of normal string equality (===) when comparing hash values inside the timingSafeEqual function.
In JavaScript, string comparison may stop as soon as a difference is found. This means the comparison time can slightly vary depending on how many characters match.
Under very specific and controlled conditions, this behavior could theoretically allow timing-based analysis.
The implementation has been updated to:
- Avoid early termination during comparison
- Use a constant-time-style comparison method
Impact
This issue is unlikely to be exploited in normal environments.
It may only be relevant in highly controlled situations where precise timing measurements are possible.
This change is considered a security hardening improvement. Users are encouraged to upgrade to the latest version.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "hono"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.11.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-19T20:15:59Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "## Summary\n\nThe `basicAuth` and `bearerAuth` middlewares previously used a comparison that was not fully timing-safe.\n\nThe `timingSafeEqual` function used normal string equality (`===`) when comparing hash values. This comparison may stop early if values differ, which can theoretically cause small timing differences.\n\nThe implementation has been updated to use a safer comparison method.\n\n\n## Details\n\nThe issue was caused by the use of normal string equality (`===`) when comparing hash values inside the `timingSafeEqual` function.\n\nIn JavaScript, string comparison may stop as soon as a difference is found. This means the comparison time can slightly vary depending on how many characters match.\n\nUnder very specific and controlled conditions, this behavior could theoretically allow timing-based analysis.\n\nThe implementation has been updated to:\n\n- Avoid early termination during comparison\n- Use a constant-time-style comparison method\n\n## Impact\n\nThis issue is unlikely to be exploited in normal environments.\n\nIt may only be relevant in highly controlled situations where precise timing measurements are possible.\n\nThis change is considered a security hardening improvement. Users are encouraged to upgrade to the latest version.",
"id": "GHSA-gq3j-xvxp-8hrf",
"modified": "2026-02-19T20:15:59Z",
"published": "2026-02-19T20:15:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/honojs/hono/security/advisories/GHSA-gq3j-xvxp-8hrf"
},
{
"type": "WEB",
"url": "https://github.com/honojs/hono/commit/91def7cab654bad5eecc9270e6620d577971ff5e"
},
{
"type": "PACKAGE",
"url": "https://github.com/honojs/hono"
},
{
"type": "WEB",
"url": "https://github.com/honojs/hono/releases/tag/v4.11.10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Hono added timing comparison hardening in basicAuth and bearerAuth"
}
GHSA-GW64-H9CG-PCCR
Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 18:31Windows Kerberos Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-29995"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T18:15:09Z",
"severity": "HIGH"
},
"details": "Windows Kerberos Elevation of Privilege Vulnerability",
"id": "GHSA-gw64-h9cg-pccr",
"modified": "2024-08-13T18:31:15Z",
"published": "2024-08-13T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29995"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29995"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H656-5VCF-CM23
Vulnerability from github – Published: 2026-03-03 19:08 – Updated: 2026-03-03 19:08Impact
In Telegram DM mode, inbound media was downloaded and written to disk before sender authorization checks completed. An unauthorized sender could trigger inbound media download/write activity (including media groups) even when DM access should be denied.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published version currently affected:
2026.2.23 - Vulnerable range:
<= 2026.2.23 - Patched in planned next release:
2026.2.24
Fix Commit(s)
9514201fb9b51de5d0b23151110d0ff5d9c8bd67
Technical Details
The Telegram handler flow now enforces DM authorization before media download/write paths execute, including media-group handling. Inbound channel activity tracking was also moved to run after DM authorization in the Telegram message context path.
Release Process Note
patched_versions is pre-set to the planned next release (2026.2.24). After npm publish, the advisory can be published without further version-field edits.
OpenClaw thanks @v8hid for reporting.
Publication Update (2026-02-25)
openclaw@2026.2.24 is published on npm and contains the fix commit(s) listed above. This advisory now marks >= 2026.2.24 as patched.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.2.23"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.24"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-208",
"CWE-404",
"CWE-406",
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T19:08:30Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Impact\n\nIn Telegram DM mode, inbound media was downloaded and written to disk before sender authorization checks completed. An unauthorized sender could trigger inbound media download/write activity (including media groups) even when DM access should be denied.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Latest published version currently affected: `2026.2.23`\n- Vulnerable range: `\u003c= 2026.2.23`\n- Patched in planned next release: `2026.2.24`\n\n## Fix Commit(s)\n\n- `9514201fb9b51de5d0b23151110d0ff5d9c8bd67`\n\n## Technical Details\n\nThe Telegram handler flow now enforces DM authorization before media download/write paths execute, including media-group handling. Inbound channel activity tracking was also moved to run after DM authorization in the Telegram message context path.\n\n## Release Process Note\n\n`patched_versions` is pre-set to the planned next release (`2026.2.24`). After npm publish, the advisory can be published without further version-field edits.\n\nOpenClaw thanks @v8hid for reporting.\n\n\n### Publication Update (2026-02-25)\n`openclaw@2026.2.24` is published on npm and contains the fix commit(s) listed above. This advisory now marks `\u003e= 2026.2.24` as patched.",
"id": "GHSA-h656-5vcf-cm23",
"modified": "2026-03-03T19:08:30Z",
"published": "2026-03-03T19:08:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h656-5vcf-cm23"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/9514201fb9b51de5d0b23151110d0ff5d9c8bd67"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check"
}
GHSA-H958-FXGG-G7W3
Vulnerability from github – Published: 2025-03-03 20:10 – Updated: 2025-05-27 18:36This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.
Note that the Basic128Rsa15 is disabled by default so most users will not be affected. When this patch is applied the Server closes all channels using the Basic128Rsa15 if an attack is detected. This introduces a DoS before any compromise can occur which is preferable to a compromise. To prevent this failure, applications must stop using Basic128Rsa15.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "OPCFoundation.NetStandard.Opc.Ua.Core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.374.158"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-42512"
],
"database_specific": {
"cwe_ids": [
"CWE-208",
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-03T20:10:59Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.\n\nNote that the Basic128Rsa15 is disabled by default so most users will not be affected. When this patch is applied the Server closes all channels using the Basic128Rsa15 if an attack is detected. This introduces a DoS before any compromise can occur which is preferable to a compromise. To prevent this failure, applications must stop using Basic128Rsa15.",
"id": "GHSA-h958-fxgg-g7w3",
"modified": "2025-05-27T18:36:37Z",
"published": "2025-03-03T20:10:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-h958-fxgg-g7w3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42512"
},
{
"type": "WEB",
"url": "https://github.com/OPCFoundation/UA-.NETStandard/commit/3543d0292556691f681e39145e2de4526b90487d"
},
{
"type": "WEB",
"url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-42512.pdf"
},
{
"type": "PACKAGE",
"url": "https://github.com/OPCFoundation/UA-.NETStandard"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Security Update for the OPC UA .NET Standard Stack"
}
GHSA-HJHR-R3GQ-QVP6
Vulnerability from github – Published: 2019-02-18 23:39 – Updated: 2020-08-31 18:10Affected versions of csrf-lite are vulnerable to timing attacks as a result of testing CSRF tokens via a fail-early comparison instead of a constant-time comparison.
Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on the correctness of a guess via miniscule timing differences.
Under favorable network conditions, an attacker can exploit this to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present.
Recommendation
Update to version 0.1.2 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "csrf-lite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-10535"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:40:36Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of `csrf-lite` are vulnerable to timing attacks as a result of testing CSRF tokens via a fail-early comparison instead of a constant-time comparison. \n\nTiming attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on the correctness of a guess via miniscule timing differences.\n\nUnder favorable network conditions, an attacker can exploit this to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present. \n\n\n## Recommendation\n\nUpdate to version 0.1.2 or later.",
"id": "GHSA-hjhr-r3gq-qvp6",
"modified": "2020-08-31T18:10:37Z",
"published": "2019-02-18T23:39:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10535"
},
{
"type": "WEB",
"url": "https://github.com/isaacs/csrf-lite/pull/1"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-hjhr-r3gq-qvp6"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/94"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Timing Attack in csrf-lite"
}
GHSA-HRJM-C879-PP86
Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2023-08-25 00:12Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::check_overflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::check_overflow to execute in constant time.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "libsecp256k1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-25003"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:19:40Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Versions of libsecp256k1 prior to 0.3.1 did not execute `Scalar::check_overflow` in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying `Scalar::check_overflow` to execute in constant time.",
"id": "GHSA-hrjm-c879-pp86",
"modified": "2023-08-25T00:12:24Z",
"published": "2021-08-25T20:46:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25003"
},
{
"type": "WEB",
"url": "https://github.com/paritytech/libsecp256k1/commit/11ba23a9766a5079918cd9f515bc100bc8164b50"
},
{
"type": "PACKAGE",
"url": "https://github.com/paritytech/libsecp256k1"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0027.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "libsecp256k1 contains side-channel timing attack"
}
GHSA-HRQR-HXPP-CHR3
Vulnerability from github – Published: 2019-12-18 19:01 – Updated: 2025-02-13 18:33There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.
The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.
Impact
The session id stored in a cookie is the same id that is used when querying the backing session storage engine. Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id. By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.
Releases
The 1.6.12 and 2.0.8 releases are available at the normal locations.
Workarounds
There are no known workarounds.
Patches
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.
- 1-6-session-timing-attack.patch - Patch for 1.6 series
- 2-0-session-timing-attack.patch - Patch for 2.6 series
Credits
Thanks Will Leinweber for reporting this!
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "rack"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-16782"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2019-12-18T19:01:07Z",
"nvd_published_at": "2019-12-18T20:15:00Z",
"severity": "MODERATE"
},
"details": "There\u0027s a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\nThe session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.\n\n### Impact\n\nThe session id stored in a cookie is the same id that is used when querying the backing session storage engine. Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id. By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.\n\n## Releases\n\nThe 1.6.12 and 2.0.8 releases are available at the normal locations.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### Patches\n\nTo aid users who aren\u0027t able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 1-6-session-timing-attack.patch - Patch for 1.6 series\n* 2-0-session-timing-attack.patch - Patch for 2.6 series\n\n### Credits\n\nThanks Will Leinweber for reporting this!",
"id": "GHSA-hrqr-hxpp-chr3",
"modified": "2025-02-13T18:33:17Z",
"published": "2019-12-18T19:01:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16782"
},
{
"type": "WEB",
"url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
},
{
"type": "PACKAGE",
"url": "https://github.com/rack/rack"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/04/08/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/04/09/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Possible Information Leak / Session Hijack Vulnerability in Rack"
}
GHSA-HVWM-W7RW-23CV
Vulnerability from github – Published: 2026-06-25 18:30 – Updated: 2026-06-26 18:33Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to submit crafted EnvelopedData messages and observe error responses could use this as a padding oracle to incrementally recover the encrypted Content Encryption Key (CEK). The fix generates a deterministic pseudo-random fake CEK on padding failure (via HMAC-SHA256) and proceeds with decryption identically, using constant-time operations throughout, so that all failure paths produce the same error regardless of padding validity.
{
"affected": [],
"aliases": [
"CVE-2026-6291"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T18:16:41Z",
"severity": "MODERATE"
},
"details": "Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData using RSA PKCS#1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to submit crafted EnvelopedData messages and observe error responses could use this as a padding oracle to incrementally recover the encrypted Content Encryption Key (CEK). The fix generates a deterministic pseudo-random fake CEK on padding failure (via HMAC-SHA256) and proceeds with decryption identically, using constant-time operations throughout, so that all failure paths produce the same error regardless of padding validity.",
"id": "GHSA-hvwm-w7rw-23cv",
"modified": "2026-06-26T18:33:49Z",
"published": "2026-06-25T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6291"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/10203"
},
{
"type": "WEB",
"url": "https://www.wolfssl.com/docs/security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J5FH-PQQW-M384
Vulnerability from github – Published: 2026-07-08 12:30 – Updated: 2026-07-08 12:30A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead.
{
"affected": [],
"aliases": [
"CVE-2026-15041"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-08T11:16:26Z",
"severity": "LOW"
},
"details": "A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead.",
"id": "GHSA-j5fh-pqqw-m384",
"modified": "2026-07-08T12:30:24Z",
"published": "2026-07-08T12:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15041"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-15041"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J757-PF57-F8R4
Vulnerability from github – Published: 2024-10-10 22:03 – Updated: 2025-01-21 17:55Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability involves a timing attack in the way Gradio compares hashes for the analytics_dashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys.
Patches
Yes, please upgrade to gradio>4.44 to mitigate this issue.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
To mitigate the risk before applying the patch, developers can manually patch the analytics_dashboard dashboard to use a constant-time comparison function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "gradio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.44.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47869"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-10T22:03:29Z",
"nvd_published_at": "2024-10-10T23:15:02Z",
"severity": "MODERATE"
},
"details": "### Impact \n**What kind of vulnerability is it? Who is impacted?**\n\nThis vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys.\n\n### Patches \nYes, please upgrade to `gradio\u003e4.44` to mitigate this issue.\n\n### Workarounds \n**Is there a way for users to fix or remediate the vulnerability without upgrading?**\n\nTo mitigate the risk before applying the patch, developers can manually patch the `analytics_dashboard` dashboard to use a **constant-time comparison** function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled.",
"id": "GHSA-j757-pf57-f8r4",
"modified": "2025-01-21T17:55:59Z",
"published": "2024-10-10T22:03:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-j757-pf57-f8r4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47869"
},
{
"type": "PACKAGE",
"url": "https://github.com/gradio-app/gradio"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/gradio/PYSEC-2024-199.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Gradio performs a non-constant-time comparison when comparing hashes"
}
No mitigation information available for this CWE.
CAPEC-462: Cross-Domain Search Timing
An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.
CAPEC-541: Application Fingerprinting
An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.
CAPEC-580: System Footprinting
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.