ghsa-3wfh-36rx-9537
Vulnerability from github
Impact
A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted.
Patches
This vulnerability has been patched by replacing Arrays.equals with MessageDigest.isEqual, which ensures constant-time comparison.
Users should upgrade to version 3.2 or later to mitigate this issue.
Workarounds
Because the attack requires high precision and repeated attempts, the risk is limited, but the only reliable mitigation is to upgrade to a patched release (version 3.2 or later).
References
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.ongres.scram:scram-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59432"
],
"database_specific": {
"cwe_ids": [
"CWE-208",
"CWE-385"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-16T22:20:08Z",
"nvd_published_at": "2025-09-22T20:15:38Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because `Arrays.equals` was used to compare secret values such as client proofs and server signatures. Since `Arrays.equals` performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted.\n\n### Patches\n\nThis vulnerability has been patched by replacing `Arrays.equals` with `MessageDigest.isEqual`, which ensures constant-time comparison.\n\nUsers should upgrade to version **3.2** or later to mitigate this issue.\n\n### Workarounds\n\nBecause the attack requires high precision and repeated attempts, the risk is limited, but the only reliable mitigation is to upgrade to a patched release (version 3.2 or later).\n\n### References\n\n- [Java `MessageDigest.isEqual` Documentation](https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte[],byte[]))",
"id": "GHSA-3wfh-36rx-9537",
"modified": "2025-09-22T21:58:53Z",
"published": "2025-09-16T22:20:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ongres/scram/security/advisories/GHSA-3wfh-36rx-9537"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59432"
},
{
"type": "WEB",
"url": "https://github.com/ongres/scram/commit/f04975680d4a67bc84cc6c61bbffd5186223e2e2"
},
{
"type": "WEB",
"url": "https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte%5B%5D,byte%5B%5D)"
},
{
"type": "PACKAGE",
"url": "https://github.com/ongres/scram"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Timing Attack Vulnerability in SCRAM Authentication"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.