How severe is CVE-2023-32691?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-32691?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2023-32691 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`.

Related Vulnerabilities

CVE-2015-0837

MEDIUM

CVSS:5.9(Medium)

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during mod...

CWE-2032015

CVE-2015-8313

MEDIUM

CVSS:5.9(Medium)

GnuTLS incorrectly validates the first byte of padding in CBC modes

CWE-2032015

CVE-2016-0762

MEDIUM

CVSS:5.9(Medium)

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied...

CWE-2032016

CVE-2017-1000385

MEDIUM

CVSS:5.9(Medium)

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's priva...

CWE-2032017

CVE-2017-13098

MEDIUM

CVSS:5.9(Medium)

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using...

CWE-2032017

CVE-2017-13099

MEDIUM

CVSS:5.9(Medium)

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL ...

CWE-2032017