EUVD-2026-31236
Observable Timing Discrepancy (CWE-208)
GHSA-9jg7-fcmv-j845
5.9
CVSS 3.1
Share
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Lifecycle Timeline
1
Analysis Generated
May 21, 2026 - 08:09 vuln.today
DescriptionNVD
In Netatalk 1.5.0 through 4.4.2, des-ecb auth with timing side channel. Fixed in 4.5.0.
AnalysisAI
Timing side-channel exposure in Netatalk's DES-ECB authentication allows a remote unauthenticated attacker to conduct a cryptographic timing oracle attack against the AFP server, potentially recovering authentication secrets or credentials through statistical analysis of server response latency. Affected versions span 1.5.0 through 4.4.2 - a broad range covering multiple major releases - and the issue is rooted in non-constant-time operations during DES-ECB auth processing (CWE-208). …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).