CWE-385
AllowedCovert Timing Channel
Abstraction: Base · Status: Incomplete
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
76 vulnerabilities reference this CWE, most recent first.
GHSA-WR9H-G72X-MWHM
Vulnerability from github – Published: 2025-10-07 17:24 – Updated: 2025-10-07 17:24Summary
The API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force.
Details
https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274
API key validation used a string comparison that will take longer the more characters the provided API key gets correct. Data analysis across many attempts can allow an attacker to determine when it finds the next correct character in the key sequence.
Impact
Deployments relying on vLLM's built-in API key validation are vulnerable to authentication bypass using this technique.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vllm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59425"
],
"database_specific": {
"cwe_ids": [
"CWE-385"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-07T17:24:47Z",
"nvd_published_at": "2025-10-07T14:15:38Z",
"severity": "HIGH"
},
"details": "### Summary\nThe API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force.\n\n### Details\nhttps://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274\n\nAPI key validation used a string comparison that will take longer the more characters the provided API key gets correct. Data analysis across many attempts can allow an attacker to determine when it finds the next correct character in the key sequence.\n \n### Impact\nDeployments relying on vLLM\u0027s built-in API key validation are vulnerable to authentication bypass using this technique.",
"id": "GHSA-wr9h-g72x-mwhm",
"modified": "2025-10-07T17:24:47Z",
"published": "2025-10-07T17:24:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48"
},
{
"type": "PACKAGE",
"url": "https://github.com/vllm-project/vllm"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274"
},
{
"type": "WEB",
"url": "https://github.com/vllm-project/vllm/releases/tag/v0.11.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "vLLM is vulnerable to timing attack at bearer auth"
}
GHSA-WWRV-F6V4-M66R
Vulnerability from github – Published: 2024-03-26 15:30 – Updated: 2024-03-26 15:30Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
{
"affected": [],
"aliases": [
"CVE-2023-33855"
],
"database_specific": {
"cwe_ids": [
"CWE-385"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-26T14:15:07Z",
"severity": "LOW"
},
"details": "Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.",
"id": "GHSA-wwrv-f6v4-m66r",
"modified": "2024-03-26T15:30:50Z",
"published": "2024-03-26T15:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33855"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257676"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7145168"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X697-V25M-6PHV
Vulnerability from github – Published: 2024-01-16 12:30 – Updated: 2024-07-08 18:31A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
{
"affected": [],
"aliases": [
"CVE-2024-0553"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-385"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-16T12:15:45Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.",
"id": "GHSA-x697-v25m-6phv",
"modified": "2024-07-08T18:31:15Z",
"published": "2024-01-16T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0553"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0533"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0627"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0796"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1082"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1108"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1383"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-0553"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"
},
{
"type": "WEB",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2"
},
{
"type": "WEB",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240202-0011"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X8QH-8J65-V4J9
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2025-11-03 21:31iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
{
"affected": [],
"aliases": [
"CVE-2024-26306"
],
"database_specific": {
"cwe_ids": [
"CWE-385"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:08:51Z",
"severity": "MODERATE"
},
"details": "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"id": "GHSA-x8qh-8j65-v4j9",
"modified": "2025-11-03T21:31:04Z",
"published": "2024-05-14T15:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26306"
},
{
"type": "WEB",
"url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc"
},
{
"type": "WEB",
"url": "https://github.com/esnet/iperf/releases/tag/3.17"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250228-0007"
},
{
"type": "WEB",
"url": "https://www.insyde.com/security-pledge/SA-2024005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XFGW-QCMV-354J
Vulnerability from github – Published: 2024-09-07 18:30 – Updated: 2025-11-04 21:31Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
{
"affected": [],
"aliases": [
"CVE-2023-46809"
],
"database_specific": {
"cwe_ids": [
"CWE-385"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-07T16:15:02Z",
"severity": "HIGH"
},
"details": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.",
"id": "GHSA-xfgw-qcmv-354j",
"modified": "2025-11-04T21:31:29Z",
"published": "2024-09-07T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XRX6-FMXQ-RJJ2
Vulnerability from github – Published: 2021-04-30 17:35 – Updated: 2024-10-26 22:33It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "rsa"
},
"ranges": [
{
"events": [
{
"introduced": "2.1"
},
{
"fixed": "4.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-25658"
],
"database_specific": {
"cwe_ids": [
"CWE-327",
"CWE-385"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-20T17:11:41Z",
"nvd_published_at": "2020-11-12T14:15:00Z",
"severity": "HIGH"
},
"details": "It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA",
"id": "GHSA-xrx6-fmxq-rjj2",
"modified": "2024-10-26T22:33:21Z",
"published": "2021-04-30T17:35:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25658"
},
{
"type": "WEB",
"url": "https://github.com/sybrenstuvel/python-rsa/issues/165"
},
{
"type": "WEB",
"url": "https://github.com/sybrenstuvel/python-rsa/commit/dae8ce0d85478e16f2368b2341632775313d41ed"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2020-25658"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889972"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-xrx6-fmxq-rjj2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/rsa/PYSEC-2020-100.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/sybrenstuvel/python-rsa"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:1716"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2021:0637"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:5634"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Timing attacks in python-rsa"
}
Mitigation
Whenever possible, specify implementation strategies that do not introduce time variances in operations.
Mitigation
Often one can artificially manipulate the time which operations take or -- when operations occur -- can remove information from the attacker.
Mitigation
It is reasonable to add artificial or random delays so that the amount of CPU time consumed is independent of the action being taken by the application.
CAPEC-462: Cross-Domain Search Timing
An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.