Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:38810
HistoryJan 10, 2023 - 4:17 a.m.

Timing Attacks

2023-01-1004:17:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
vulnerability
timing attacks
clientsecretmatches
checkclientsecret
constant time
hash comparison
software

EPSS

0.002

Percentile

53.8%

JSON

github.com/openshift/osin is vulnerable to timing attacks. The vulnerability exists because the ClientSecretMatches function in client.go and CheckClientSecret function in util.go does not compare hashes in constant time, allowing an attacker to progressively use the timing of the request to identify a valid hash.

Related

cvelist 1
prion 1
github 1
osv 3
nvd 1
cve 1
redhatcve 1
redhat 3
cvelist
cvelist
CVE-2021-4294 OpenShift OSIN CheckClientSecret timing discrepancy
2022-12-28 16:51:34
prion
prion
Design/Logic Flaw
2022-12-28 17:15:00
github
github
OpenShift OSIN vulnerable to Observable Timing Discrepancy
2022-12-28 18:30:20
osv
osv
Timing attack in github.com/openshift/osin
2023-01-03 22:25:20
OpenShift OSIN vulnerable to Observable Timing Discrepancy
2022-12-28 18:30:20
CVE-2021-4294
2022-12-28 17:15:09
nvd
nvd
CVE-2021-4294
2022-12-28 17:15:09
cve
cve
CVE-2021-4294
2022-12-28 17:15:09
redhatcve
redhatcve
CVE-2021-4294
2022-12-29 04:35:00
redhat
redhat
(RHSA-2024:2047) Important: OpenShift Container Platform 4.13.41 bug fix and security update
2024-05-02 15:07:21
(RHSA-2024:2782) Important: OpenShift Container Platform 4.12.57 security update
2024-05-16 17:58:46
(RHSA-2023:5006) Important: OpenShift Container Platform 4.14.0 bug fix and security update
2023-10-31 12:52:06

EPSS

0.002

Percentile

53.8%

JSON
Related for VERACODE:38810
cvelist1prion1github1osv3nvd1cve1redhatcve1redhat3