Timing-Attack

Hitachi Energy GMS600 versions 1.3.0 and 1.3.1 are affected by CVE-2022-4304, a vulnerability in the OpenSSL RSA Decryption implementation; an attacker could exploit this timing-based side channel to recover plaintext across a network in a Bleichenbacher-style attack by sending trial messages to the server and recording processing times, eventually decrypting application data.

CVE-2019-1547 is a security vulnerability that could allow a remote timing attack.

mcp-ssh-tool versions 2.1.0 and earlier have a policy bypass in transfer path handling and expose a timing side channel in bearer-token comparison for HTTP deployments, addressed in version 2.1.1.

CVE-2018-0735 is a timing attack vulnerability in ECDSA signature generation affecting Microsoft products, potentially allowing attackers to recover private keys.