Monthly
phpseclib's SSH2 packet authentication uses PHP's non-constant-time != operator to compare HMACs, enabling timing-based information disclosure attacks on SSH sessions. The vulnerability affects phpseclib versions prior to 1.0.28, 2.0.53, and 3.0.51. An unauthenticated remote attacker can exploit variable-time comparison behavior to infer valid HMAC values through precise timing measurements, potentially compromising the confidentiality of SSH communications. No public exploit code or active exploitation has been confirmed, but this is a cryptographic timing vulnerability with proven scalability via benchmarking.
Parse Server versions prior to 9.8.0-alpha.6 and 8.6.74 leak valid usernames through timing side-channel attacks on the login endpoint, allowing unauthenticated attackers to enumerate existing user accounts by measuring response latency differences between non-existent users and incorrect password attempts. The vulnerability exploits inadequate constant-time comparison in password verification, enabling account enumeration without authentication and with moderate attack complexity.
Traefik's BasicAuth middleware contains a timing attack vulnerability that enables username enumeration through observable response time differences between valid and invalid usernames. An unauthenticated network attacker can distinguish existing usernames from non-existent ones by measuring response latency-valid usernames trigger ~166ms bcrypt operations while invalid usernames return in ~0.6ms, creating a ~298x timing differential. Affected versions include Traefik 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1; patches are available in versions 2.11.41, 3.6.11, and 3.7.0-ea.2.
phpseclib versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a padding oracle timing attack when using AES in CBC mode, allowing attackers to decrypt sensitive data through cryptanalysis of response timing differences. This information disclosure vulnerability affects any PHP application using the vulnerable phpseclib library for AES-CBC encryption. Although no CVSS score, EPSS data, or confirmed active exploitation (KEV status) are currently available, the presence of a verified fix and security advisory indicates this is a legitimate cryptographic weakness requiring attention.
A timing side-channel vulnerability exists in the h3 npm package's `requireBasicAuth` function, where unsafe string comparison using the `!==` operator allows attackers to deduce valid passwords character-by-character by measuring server response times. This affects all versions of h3 that implement this vulnerable authentication mechanism, and while a proof-of-concept exists demonstrating feasibility in local/co-located network environments, the attack requires statistical analysis over multiple requests and is significantly hampered by network jitter in internet-scale scenarios. The CVSS score of 5.9 reflects high confidentiality impact but high attack complexity, placing this in moderate-priority territory despite the linear password recovery capability.
Cleanuparr versions 2.7.0 through 2.8.0 contain a timing-based username enumeration vulnerability in the /api/auth/login endpoint that allows unauthenticated remote attackers to discover valid usernames by analyzing response time differences. The flaw stems from password verification logic that performs expensive cryptographic hashing only after validating username existence, creating a measurable timing side-channel. This vulnerability is fixed in version 2.8.1 and presents a moderate information disclosure risk with a CVSS score of 6.9, though exploitation requires no special privileges or user interaction.
OpenClaw versions before 2026.2.13 are vulnerable to timing side-channel attacks on hook token validation due to use of non-constant-time string comparison. Remote attackers can exploit this weakness by measuring response times across multiple requests to gradually recover authentication tokens for the hooks endpoint. This affects confidentiality and integrity of OpenClaw deployments accessible over the network.
OpenClaw versions before 2026.2.12 are vulnerable to timing-based token extraction attacks due to non-constant-time string comparison in hook authentication. A network-based attacker can exploit this side-channel vulnerability to gradually recover the hook validation token through repeated timing measurements across multiple requests. The vulnerability requires repeated probing but poses a confidentiality risk to systems using vulnerable versions.
An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel. [CVSS 7.5 HIGH]
Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.
phpseclib's SSH2 packet authentication uses PHP's non-constant-time != operator to compare HMACs, enabling timing-based information disclosure attacks on SSH sessions. The vulnerability affects phpseclib versions prior to 1.0.28, 2.0.53, and 3.0.51. An unauthenticated remote attacker can exploit variable-time comparison behavior to infer valid HMAC values through precise timing measurements, potentially compromising the confidentiality of SSH communications. No public exploit code or active exploitation has been confirmed, but this is a cryptographic timing vulnerability with proven scalability via benchmarking.
Parse Server versions prior to 9.8.0-alpha.6 and 8.6.74 leak valid usernames through timing side-channel attacks on the login endpoint, allowing unauthenticated attackers to enumerate existing user accounts by measuring response latency differences between non-existent users and incorrect password attempts. The vulnerability exploits inadequate constant-time comparison in password verification, enabling account enumeration without authentication and with moderate attack complexity.
Traefik's BasicAuth middleware contains a timing attack vulnerability that enables username enumeration through observable response time differences between valid and invalid usernames. An unauthenticated network attacker can distinguish existing usernames from non-existent ones by measuring response latency-valid usernames trigger ~166ms bcrypt operations while invalid usernames return in ~0.6ms, creating a ~298x timing differential. Affected versions include Traefik 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1; patches are available in versions 2.11.41, 3.6.11, and 3.7.0-ea.2.
phpseclib versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a padding oracle timing attack when using AES in CBC mode, allowing attackers to decrypt sensitive data through cryptanalysis of response timing differences. This information disclosure vulnerability affects any PHP application using the vulnerable phpseclib library for AES-CBC encryption. Although no CVSS score, EPSS data, or confirmed active exploitation (KEV status) are currently available, the presence of a verified fix and security advisory indicates this is a legitimate cryptographic weakness requiring attention.
A timing side-channel vulnerability exists in the h3 npm package's `requireBasicAuth` function, where unsafe string comparison using the `!==` operator allows attackers to deduce valid passwords character-by-character by measuring server response times. This affects all versions of h3 that implement this vulnerable authentication mechanism, and while a proof-of-concept exists demonstrating feasibility in local/co-located network environments, the attack requires statistical analysis over multiple requests and is significantly hampered by network jitter in internet-scale scenarios. The CVSS score of 5.9 reflects high confidentiality impact but high attack complexity, placing this in moderate-priority territory despite the linear password recovery capability.
Cleanuparr versions 2.7.0 through 2.8.0 contain a timing-based username enumeration vulnerability in the /api/auth/login endpoint that allows unauthenticated remote attackers to discover valid usernames by analyzing response time differences. The flaw stems from password verification logic that performs expensive cryptographic hashing only after validating username existence, creating a measurable timing side-channel. This vulnerability is fixed in version 2.8.1 and presents a moderate information disclosure risk with a CVSS score of 6.9, though exploitation requires no special privileges or user interaction.
OpenClaw versions before 2026.2.13 are vulnerable to timing side-channel attacks on hook token validation due to use of non-constant-time string comparison. Remote attackers can exploit this weakness by measuring response times across multiple requests to gradually recover authentication tokens for the hooks endpoint. This affects confidentiality and integrity of OpenClaw deployments accessible over the network.
OpenClaw versions before 2026.2.12 are vulnerable to timing-based token extraction attacks due to non-constant-time string comparison in hook authentication. A network-based attacker can exploit this side-channel vulnerability to gradually recover the hook validation token through repeated timing measurements across multiple requests. The vulnerability requires repeated probing but poses a confidentiality risk to systems using vulnerable versions.
An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel. [CVSS 7.5 HIGH]
Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.