How severe is CVE-2022-29185?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2022-29185?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2022-29185

MEDIUM Year: 2022

CVSS v3 Score

4.4

Medium

CVSS v2 Score

3.5

Low

Weakness Type

CWE-203

View all →

Vulnerability Description

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds.

CVE-2020-12399

MEDIUM

CVSS:4.4(Medium)

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefo...

CWE-2032020

CVE-2020-12402

MEDIUM

CVSS:4.4(Medium)

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perfor...

CWE-2032020

CVE-2019-12383

MEDIUM

CVSS:4.3(Medium)

Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my lang...

CWE-2032019

CVE-2020-35473

MEDIUM

CVSS:4.3(Medium)

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specificatio...

CWE-2032020

CVE-2020-6531

MEDIUM

CVSS:4.3(Medium)

Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032020

CVE-2021-20376

MEDIUM

CVSS:4.3(Medium)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568...

CWE-2032021

CVE-2022-29185

Vulnerability Description

Related Vulnerabilities

CVE-2020-12399

CVE-2020-12402

CVE-2019-12383

CVE-2020-35473

CVE-2020-6531

CVE-2021-20376