CWE-1254
Incorrect Comparison Logic Granularity
Description
The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.
Comparison logic is used to compare a variety of objects including passwords, Message Authentication Codes (MACs), and responses to verification challenges. When comparison logic is implemented at a finer granularity (e.g., byte-by-byte comparison) and breaks in the case of a comparison failure, an attacker can exploit this implementation to identify exactly when the failure occurred. With multiple attempts, the attacker may be able to guess the correct password or challenge response and elevate their privileges.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Bypass Protection Mechanism
Potential Mitigations
The hardware designer should ensure that comparison logic is implemented so as to compare in one operation instead of in smaller chunks.
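A software illustration of the description and the mitigation above, added here as an example and not taken from the CWE entry: the same comparison written with an early exit and with fixed work. The function names, the `steps` counter (a stand-in for measurable run time) and the sample byte arrays are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TAG_LEN 8

/* Constructed sample data: a reference tag and three submitted values. */
static const uint8_t EXPECTED[TAG_LEN]    = {0x3a,0x91,0x5c,0x07,0xe2,0x48,0xbd,0x10};
static const uint8_t WRONG_FIRST[TAG_LEN] = {0x00,0x91,0x5c,0x07,0xe2,0x48,0xbd,0x10};
static const uint8_t WRONG_LAST[TAG_LEN]  = {0x3a,0x91,0x5c,0x07,0xe2,0x48,0xbd,0x11};
static const uint8_t CORRECT[TAG_LEN]     = {0x3a,0x91,0x5c,0x07,0xe2,0x48,0xbd,0x10};

/* Weak form: stops at the first mismatching byte. *steps counts the bytes
 * examined and stands in for the run time an observer could measure. */
int compare_early_exit(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;              /* work done depends on the secret */
    }
    return 1;
}

/* Hardened form: always visits all n bytes and ORs the differences together,
 * so the work done is the same wherever (or whether) a mismatch occurs. */
int compare_fixed_work(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0;     /* volatile: discourage early-out optimisation */
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Helpers returning only the step count for a submitted value. */
size_t early_steps(const uint8_t *v) { size_t s; compare_early_exit(EXPECTED, v, TAG_LEN, &s); return s; }
size_t fixed_steps(const uint8_t *v) { size_t s; compare_fixed_work(EXPECTED, v, TAG_LEN, &s); return s; }

int main(void)
{
    const uint8_t *in[] = {WRONG_FIRST, WRONG_LAST, CORRECT};
    for (int i = 0; i < 3; i++)
        printf("input %d: early-exit steps=%zu, fixed-work steps=%zu\n",
               i, early_steps(in[i]), fixed_steps(in[i]));
    return 0;
}
```

In production code, prefer the platform's vetted constant-time primitive (for example `CRYPTO_memcmp` in OpenSSL or `MessageDigest.isEqual` in Java) over a hand-written loop.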
CVE-2019-10482: Smartphone OS uses comparison functions that are not in constant time, allowing side channels
CVE-2019-10071: Java-oriented framework compares HMAC signatures using String.equals() instead of a constant-time algorithm, causing timing discrepancies
CVE-2014-0984: Password-checking function in router terminates validation of a password entry when it encounters the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
Applicable Platforms