Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-208 (通过时间差异性导致的信息暴露) — Vulnerability Class 103

103 vulnerabilities classified as CWE-208 (通过时间差异性导致的信息暴露). AI Chinese analysis included.

CWE-208 represents an information leakage weakness where an application’s response time varies based on internal state, inadvertently revealing sensitive data to external observers. Attackers typically exploit this by measuring the duration of operations, such as login attempts or database queries, to infer the existence of valid usernames or correct password characters. By analyzing these subtle timing differences, adversaries can bypass authentication mechanisms or extract confidential information without direct access. To mitigate this risk, developers must ensure that all security-critical operations take a constant amount of time, regardless of the outcome. This involves implementing uniform error handling, using constant-time comparison algorithms for secrets, and avoiding early returns that expose processing stages. By standardizing execution duration, applications prevent attackers from leveraging timing discrepancies to gain unauthorized insights into system states or credentials.

MITRE CWE Description
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.
Common Consequences (1)
Confidentiality, Access ControlRead Application Data, Bypass Protection Mechanism
Examples (2)
Consider an example hardware module that checks a user-provided password to grant access to a user. The user-provided password is compared against a golden value in a byte-by-byte manner.
always_comb @ (posedge clk) begin assign check_pass[3:0] = 4'b0; for (i = 0; i < 4; i++) begin if (entered_pass[(i*8 - 1) : i] eq golden_pass([i*8 - 1) : i]) assign check_pass[i] = 1; continue; else assign check_pass[i] = 0; break; end assign grant_access = (check_pass == 4'b1111) ? 1'b1: 1'b0; end
Bad · Verilog
always_comb @ (posedge clk) begin assign check_pass[3:0] = 4'b0; for (i = 0; i < 4; i++) begin if (entered_pass[(i*8 - 1) : i] eq golden_pass([i*8 -1) : i]) assign check_pass[i] = 1; continue; else assign check_pass[i] = 0; continue; end assign grant_access = (check_pass == 4'b1111) ? 1'b1: 1'b0; end
Good · Verilog
In this example, the attacker observes how long an authentication takes when the user types in the correct password.
def validate_password(actual_pw, typed_pw): if len(actual_pw) <> len(typed_pw): return 0 for i in len(actual_pw): if actual_pw[i] <> typed_pw[i]: return 0 return 1
Bad · Python
CVE IDTitleCVSSSeverityPublished
CVE-2021-26314 AMD Speculative execution with Floating-Point Value Injection — All supported processors 5.5 -2021-06-09
CVE-2021-26313 AMD Speculative Code Store Bypass — All supported processors 5.5 -2021-06-09
CVE-2021-31403 Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 — Vaadin 4.0 Medium2021-04-23
CVE-2021-31404 Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 — Vaadin 4.0 Medium2021-04-23
CVE-2021-31406 Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 — Vaadin 4.0 Medium2021-04-23
CVE-2020-1926 Timing attack in Cookie signature verification — Apache Hive 5.9 -2021-03-16
CVE-2020-15237 Timing attack in Shrine — shrine 5.9 Medium2020-10-05
CVE-2020-4071 Timing attack on django-basic-auth-ip-whitelist — django-basic-auth-ip-whitelist 2.2 Low2020-06-24
CVE-2020-11037 Potential Observable Timing Discrepancy in Wagtail — Wagtail 6.1 Medium2020-04-30
CVE-2019-16782 Possible Information Leak / Session Hijack Vulnerability in Rack — rack 6.3 Medium2019-12-18
CVE-2019-13420 floragunn Search Guard 信息泄露漏洞 — Search Guard 5.9 -2019-08-13
CVE-2019-9494 The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks — hostapd with SAE support 5.9 -2019-04-17
CVE-2016-10535 csrf-lite 安全漏洞 — csrf-lite node module 5.9 -2018-05-31

Vulnerabilities classified as CWE-208 (通过时间差异性导致的信息暴露) represent 103 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.