CVE-2024-0436

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-203
View all →

Vulnerability Description

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute

Related Vulnerabilities

CVE-2021-47226

HIGH
CVSS:7.1(High)

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid fo...

CWE-2032021

CVE-2020-9588

HIGH
CVSS:7.2(High)

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead...

CWE-2032020

CVE-2023-30312

HIGH
CVSS:7.3(High)

An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server ...

CWE-2032023

CVE-2020-11683

MEDIUM
CVSS:6.8(Medium)

A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected syste...

CWE-2032020

CVE-2017-6168

HIGH
CVSS:7.4(High)

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be...

CWE-2032017

CVE-2019-10764

HIGH
CVSS:7.4(High)

In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage...

CWE-2032019