CWE-208
AllowedObservable Timing Discrepancy
Abstraction: Base · Status: Incomplete
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
306 vulnerabilities reference this CWE, most recent first.
GHSA-W322-W9FV-RX3M
Vulnerability from github – Published: 2024-04-04 15:30 – Updated: 2024-04-04 15:30A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
{
"affected": [],
"aliases": [
"CVE-2024-3296"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-04T14:15:11Z",
"severity": "MODERATE"
},
"details": "A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.",
"id": "GHSA-w322-w9fv-rx3m",
"modified": "2024-04-04T15:30:34Z",
"published": "2024-04-04T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3296"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-3296"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269723"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W4CX-V96X-C4G8
Vulnerability from github – Published: 2023-01-07 12:30 – Updated: 2023-01-12 18:30A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The name of the patch is fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2014-125056"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-07T10:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The name of the patch is fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability.",
"id": "GHSA-w4cx-v96x-c4g8",
"modified": "2023-01-12T18:30:28Z",
"published": "2023-01-07T12:30:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125056"
},
{
"type": "WEB",
"url": "https://github.com/Pylons/horus/commit/fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.217598"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.217598"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W6M9-39CV-2FWP
Vulnerability from github – Published: 2026-04-13 19:31 – Updated: 2026-04-24 20:37Summary
A timing side-channel in the login endpoint allows unauthenticated attackers to determine whether a username exists by measuring response time differences. Requests for valid usernames take noticeably longer because the server performs bcrypt password verification, while requests for nonexistent usernames return much faster. This enables reliable remote username enumeration and increases the risk of targeted credential attacks.
Details
The issue affects the login endpoint:
POST /api/auth/token
The root cause is that authentication processing takes different code paths depending on whether the supplied username exists. When the username is found, the server performs bcrypt.CompareHashAndPassword, which adds substantial latency. When the username does not exist, the server returns immediately without performing an equivalent bcrypt operation.
Vulnerable flow:
user, err := db.Where("username = ?", username).First(&user)
if err != nil {
return ErrUnauthorized
}
err = bcrypt.CompareHashAndPassword(user.PasswordHash, []byte(password))
This creates a measurable timing discrepancy between: - existing username + wrong password requests, which incur bcrypt cost - nonexistent username + any password requests, which avoid bcrypt entirely
Because no constant-time equalization is performed, the endpoint leaks account existence through timing behavior.
The measurements provided show a large and consistent gap between the two cases across repeated trials, making the difference distinguishable without requiring especially high request volume. In the supplied test results:
- existing user requests averaged about 0.0616s
- nonexistent user requests averaged about 0.0027s
That gap is large enough to support reliable username enumeration under typical testing conditions.
PoC
The issue can be reproduced by sending repeated authentication attempts to the login endpoint using the same invalid password while alternating between a known valid username and a nonexistent username, then comparing average response times. Valid usernames consistently take longer because bcrypt verification is performed.
Impact
- Type: Timing side-channel / username enumeration
- Who is impacted: Any deployment exposing the affected login endpoint
- Security impact: Unauthenticated attackers can confirm valid usernames one at a time, improving the effectiveness of credential stuffing, password spraying, phishing, and other targeted account attacks
- Attack preconditions: None beyond network access to the login endpoint
- Confidentiality impact: Low to moderate, depending on the sensitivity of account existence in the target environment
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/enchant97/note-mark/backend"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.19.2-0.20260411145025-cf4c6f6acf70"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40263"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-13T19:31:50Z",
"nvd_published_at": "2026-04-17T01:17:40Z",
"severity": "LOW"
},
"details": "### Summary\nA timing side-channel in the login endpoint allows unauthenticated attackers to determine whether a username exists by measuring response time differences. Requests for valid usernames take noticeably longer because the server performs bcrypt password verification, while requests for nonexistent usernames return much faster. This enables reliable remote username enumeration and increases the risk of targeted credential attacks.\n\n### Details\nThe issue affects the login endpoint:\n\n- `POST /api/auth/token`\n\nThe root cause is that authentication processing takes different code paths depending on whether the supplied username exists. When the username is found, the server performs `bcrypt.CompareHashAndPassword`, which adds substantial latency. When the username does not exist, the server returns immediately without performing an equivalent bcrypt operation.\n\nVulnerable flow:\n\n```go\nuser, err := db.Where(\"username = ?\", username).First(\u0026user)\nif err != nil {\n return ErrUnauthorized\n}\nerr = bcrypt.CompareHashAndPassword(user.PasswordHash, []byte(password))\n```\n\nThis creates a measurable timing discrepancy between:\n- **existing username + wrong password** requests, which incur bcrypt cost\n- **nonexistent username + any password** requests, which avoid bcrypt entirely\n\nBecause no constant-time equalization is performed, the endpoint leaks account existence through timing behavior.\n\nThe measurements provided show a large and consistent gap between the two cases across repeated trials, making the difference distinguishable without requiring especially high request volume. In the supplied test results:\n- existing user requests averaged about `0.0616s`\n- nonexistent user requests averaged about `0.0027s`\n\nThat gap is large enough to support reliable username enumeration under typical testing conditions.\n\n### PoC\nThe issue can be reproduced by sending repeated authentication attempts to the login endpoint using the same invalid password while alternating between a known valid username and a nonexistent username, then comparing average response times. Valid usernames consistently take longer because bcrypt verification is performed.\n\n### Impact\n- **Type:** Timing side-channel / username enumeration\n- **Who is impacted:** Any deployment exposing the affected login endpoint\n- **Security impact:** Unauthenticated attackers can confirm valid usernames one at a time, improving the effectiveness of credential stuffing, password spraying, phishing, and other targeted account attacks\n- **Attack preconditions:** None beyond network access to the login endpoint\n- **Confidentiality impact:** Low to moderate, depending on the sensitivity of account existence in the target environment",
"id": "GHSA-w6m9-39cv-2fwp",
"modified": "2026-04-24T20:37:10Z",
"published": "2026-04-13T19:31:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/enchant97/note-mark/security/advisories/GHSA-w6m9-39cv-2fwp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40263"
},
{
"type": "WEB",
"url": "https://github.com/enchant97/note-mark/commit/cf4c6f6acf70b569d80396d323b067c00d45c034"
},
{
"type": "PACKAGE",
"url": "https://github.com/enchant97/note-mark"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel"
}
GHSA-W782-GJG9-CJX6
Vulnerability from github – Published: 2024-08-30 00:31 – Updated: 2024-08-30 00:31The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500
{
"affected": [],
"aliases": [
"CVE-2024-1543"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-29T23:15:10Z",
"severity": "MODERATE"
},
"details": "The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an attacker can gain a per instruction sub-cache-line resolution allowing them to break the cache-line-level protection. For details on the attack refer to: https://doi.org/10.46586/tches.v2024.i1.457-500",
"id": "GHSA-w782-gjg9-cjx6",
"modified": "2024-08-30T00:31:23Z",
"published": "2024-08-30T00:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1543"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W799-PRG3-CX77
Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2024-10-16 20:42python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "python-jose"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-7036"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-31T21:03:29Z",
"nvd_published_at": "2017-01-23T21:59:00Z",
"severity": "CRITICAL"
},
"details": "python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.",
"id": "GHSA-w799-prg3-cx77",
"modified": "2024-10-16T20:42:13Z",
"published": "2022-05-17T03:02:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7036"
},
{
"type": "WEB",
"url": "https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93"
},
{
"type": "WEB",
"url": "https://github.com/mpdavis/python-jose/commit/73007d6887a7517ac07c6e755e494baee49ef513"
},
{
"type": "PACKAGE",
"url": "https://github.com/mpdavis/python-jose"
},
{
"type": "WEB",
"url": "https://github.com/mpdavis/python-jose/releases/tag/1.3.2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/python-jose/PYSEC-2017-28.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210123221523/http://www.securityfocus.com/bid/95845"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "python-jose failure to use a constant time comparison for HMAC keys"
}
GHSA-W7JR-WQW6-54XC
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-12-19 21:06Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison validating the connection secret when an inbound TCP agent connection is initiated. This could potentially allow attackers to use statistical methods to obtain the connection secret.
Jenkins 2.219, LTS 2.204.2 now uses a constant-time comparison function for verifying connection secrets.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.204.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.204.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.218"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.205"
},
{
"fixed": "2.219"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-2101"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-19T21:06:40Z",
"nvd_published_at": "2020-01-29T16:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison validating the connection secret when an inbound TCP agent connection is initiated. This could potentially allow attackers to use statistical methods to obtain the connection secret.\n\nJenkins 2.219, LTS 2.204.2 now uses a constant-time comparison function for verifying connection secrets.",
"id": "GHSA-w7jr-wqw6-54xc",
"modified": "2022-12-19T21:06:40Z",
"published": "2022-05-24T17:07:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2101"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/0ba36508187ff771bba87feaf03057496775064c"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2020:0402"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2020:0675"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0681"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0683"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/jenkins"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1659"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Non-constant time comparison of inbound TCP agent connection secret"
}
GHSA-WJ6H-64FC-37MP
Vulnerability from github – Published: 2024-01-22 21:35 – Updated: 2025-07-30 18:17python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.sign_digest() API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH operations are affected. ECDSA signature verification is unaffected. The python-ecdsa project considers side channel attacks out of scope for the project and there is no planned fix.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ecdsa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-23342"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208",
"CWE-385"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-22T21:35:27Z",
"nvd_published_at": "2024-01-23T00:15:26Z",
"severity": "HIGH"
},
"details": "python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the `ecdsa.SigningKey.sign_digest()` API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH operations are affected. ECDSA signature verification is unaffected. The python-ecdsa project considers side channel attacks out of scope for the project and there is no planned fix.",
"id": "GHSA-wj6h-64fc-37mp",
"modified": "2025-07-30T18:17:40Z",
"published": "2024-01-22T21:35:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23342"
},
{
"type": "PACKAGE",
"url": "https://github.com/tlsfuzzer/python-ecdsa"
},
{
"type": "WEB",
"url": "https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md"
},
{
"type": "WEB",
"url": "https://minerva.crocs.fi.muni.cz"
},
{
"type": "WEB",
"url": "https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Minerva timing attack on P-256 in python-ecdsa"
}
GHSA-WQQ3-WFMP-V85G
Vulnerability from github – Published: 2026-04-16 21:10 – Updated: 2026-04-27 16:08Summary
The CipherEngine in Mojic v2.1.3 uses a standard equality operator (!==) to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy (CWE-208), allowing a potential attacker to bypass the file integrity check via a timing attack.
Details
In lib/CipherEngine.js, the footer check validates the HMAC signature using a standard string comparison:
if (footerHex !== calcDigest) { ... }
Standard string comparisons in JavaScript short-circuit; they return false the moment a character mismatch occurs. Because the time taken to evaluate the comparison is proportional to the number of matching leading bytes, an attacker can measure the exact microseconds it takes for the engine to throw the FILE_TAMPERED error. By repeatedly altering the signature byte-by-byte and analyzing these minute timing differences, a malicious actor can theoretically forge a valid HMAC signature without possessing the decryption password.
PoC
The vulnerable implementation is located in lib/CipherEngine.js, within the getDecryptStream() flush method (approximately line 265):
// Vulnerable Code
if (footerHex !== calcDigest) {
this.emit('error', new Error("FILE_TAMPERED"));
return;
}
Recommended Remediation:
Replace the standard equality operator with Node.js's built-in constant-time comparison utility, crypto.timingSafeEqual().
// Remediated Code
const footerBuffer = Buffer.from(footerHex, 'hex');
const calcBuffer = Buffer.from(calcDigest, 'hex');
if (footerBuffer.length !== calcBuffer.length || !crypto.timingSafeEqual(footerBuffer, calcBuffer)) {
this.emit('error', new Error("FILE_TAMPERED"));
return;
}
Impact
If successfully exploited, an attacker could tamper with the encrypted .mojic payload and forge a valid HMAC signature. This bypasses the integrity seal, tricking the decryption engine into processing maliciously injected emoji streams. Because the engine translates these emojis back into C keywords and raw data chunks, this could ultimately result in arbitrary Code Injection into the restored .c source code when an unsuspecting user decrypts the tampered file.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.1.3"
},
"package": {
"ecosystem": "npm",
"name": "mojic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41244"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-16T21:10:17Z",
"nvd_published_at": "2026-04-24T20:16:26Z",
"severity": "MODERATE"
},
"details": "### Summary\nThe `CipherEngine` in Mojic v2.1.3 uses a standard equality operator (`!==`) to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy (CWE-208), allowing a potential attacker to bypass the file integrity check via a timing attack.\n\n### Details\nIn `lib/CipherEngine.js`, the footer check validates the HMAC signature using a standard string comparison:\n`if (footerHex !== calcDigest) { ... }`\n\nStandard string comparisons in JavaScript short-circuit; they return `false` the moment a character mismatch occurs. Because the time taken to evaluate the comparison is proportional to the number of matching leading bytes, an attacker can measure the exact microseconds it takes for the engine to throw the `FILE_TAMPERED` error. By repeatedly altering the signature byte-by-byte and analyzing these minute timing differences, a malicious actor can theoretically forge a valid HMAC signature without possessing the decryption password.\n\n### PoC\nThe vulnerable implementation is located in `lib/CipherEngine.js`, within the `getDecryptStream()` flush method (approximately line 265):\n\n```javascript\n// Vulnerable Code\nif (footerHex !== calcDigest) {\n this.emit(\u0027error\u0027, new Error(\"FILE_TAMPERED\"));\n return;\n}\n```\n\n### Recommended Remediation:\nReplace the standard equality operator with Node.js\u0027s built-in constant-time comparison utility, crypto.timingSafeEqual().\n\n```JavaScript\n// Remediated Code\nconst footerBuffer = Buffer.from(footerHex, \u0027hex\u0027);\nconst calcBuffer = Buffer.from(calcDigest, \u0027hex\u0027);\n\nif (footerBuffer.length !== calcBuffer.length || !crypto.timingSafeEqual(footerBuffer, calcBuffer)) {\n this.emit(\u0027error\u0027, new Error(\"FILE_TAMPERED\"));\n return;\n}\n```\n\n### Impact\nIf successfully exploited, an attacker could tamper with the encrypted .mojic payload and forge a valid HMAC signature. This bypasses the integrity seal, tricking the decryption engine into processing maliciously injected emoji streams. Because the engine translates these emojis back into C keywords and raw data chunks, this could ultimately result in arbitrary Code Injection into the restored .c source code when an unsuspecting user decrypts the tampered file.",
"id": "GHSA-wqq3-wfmp-v85g",
"modified": "2026-04-27T16:08:33Z",
"published": "2026-04-16T21:10:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/notamitgamer/mojic/security/advisories/GHSA-wqq3-wfmp-v85g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41244"
},
{
"type": "PACKAGE",
"url": "https://github.com/notamitgamer/mojic"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mojic: Observable Timing Discrepancy in HMAC Verification"
}
GHSA-X2V7-W9J6-RQMX
Vulnerability from github – Published: 2025-03-28 03:30 – Updated: 2025-04-11 18:30String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.
As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)."
This is similar to CVE-2020-36829
{
"affected": [],
"aliases": [
"CVE-2024-13939"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-28T03:15:15Z",
"severity": "HIGH"
},
"details": "String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.\n\nAs stated in the documentation: \"If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents).\"\n\nThis is similar to\u00a0CVE-2020-36829",
"id": "GHSA-x2v7-w9j6-rqmx",
"modified": "2025-04-11T18:30:40Z",
"published": "2025-03-28T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13939"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X7P4-V8MJ-6FXX
Vulnerability from github – Published: 2025-08-21 18:31 – Updated: 2025-08-22 16:51Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the application by inspecting the server processing time of the login request.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay.portal:release.portal.bom"
},
"ranges": [
{
"events": [
{
"introduced": "7.4.0-ga1"
},
{
"last_affected": "7.4.3.132-ga132"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43754"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-22T16:51:24Z",
"nvd_published_at": "2025-08-21T18:15:33Z",
"severity": "MODERATE"
},
"details": "Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the application by inspecting the server processing time of the login request.",
"id": "GHSA-x7p4-v8mj-6fxx",
"modified": "2025-08-22T16:51:24Z",
"published": "2025-08-21T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43754"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/f25bb9583f059f86937649fdacf940928ca3767b"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/c8041d0f527388305897ac79f98d012bb31b82ac"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/9ce8b8dec237f9b9049760904fcefd06a8695832"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/9b4be82e964e9bbab1ce9824a61d9f40b28f38bb"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/862ca74aaf98c70823022b6556cdc8a339128f79"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/7118e956516d48792fb9365d1ae1f0ee971a8ac3"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/6fdbb052a6e0cbe8b300138fb75f88df69f58799"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/6f6f9f0922f6a13e21236915b864e0c1c12e47a9"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/6629bb176c1f58ca852d599c013bd3e97b3312d3"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/5b1bf48b0dc2a062928237ab1ea4a2274c63e652"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/556450752159503476635c44736721ad797fa431"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/53e6dcaa31a7599df8de9d3cef92e59e95a2064e"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/45c3ca76966ddfaf8fe650f28910b0f55536f2b4"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/38c0a06cebf0d635aa2af9912c068217161fcf1e"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/367dc7d19aa31eaf881f217ceff9610f1747e2d7"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/33697cf599a2c573ef9571696af55476ecc2ada6"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/18a88af5409a5085cb094f5bc55229d5e03a9f29"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/06b603671f0e76cd50f56d803a310a3c79944d1d"
},
{
"type": "WEB",
"url": "https://liferay.atlassian.net/browse/LPE-18149"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43754"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "http://github.com/liferay/liferay-portal/commit/8199c568a66d66d6ad7ac450d3c69f6e0e9bd181"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Liferay Portal Username Enumeration Vulnerability"
}
No mitigation information available for this CWE.
CAPEC-462: Cross-Domain Search Timing
An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.
CAPEC-541: Application Fingerprinting
An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.
CAPEC-580: System Footprinting
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.