{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/timing-oracle/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["vulnerability","timing oracle","credential access","doveadm"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-27856 describes a vulnerability in Doveadm, a component often used in conjunction with mail servers such as Dovecot. The vulnerability stems from the direct comparison method used to verify credentials, making it susceptible to timing oracle attacks. This vulnerability was published on March 27, 2026. An attacker leveraging this flaw can potentially determine the configured credentials by observing the time it takes for the system to respond to different credential attempts. While no…\u003c/p\u003e\n","date_modified":"2026-03-27T09:16:19Z","date_published":"2026-03-27T09:16:19Z","id":"/briefs/2026-03-doveadm-timing-oracle/","summary":"Doveadm credentials are verified using direct comparison, making it susceptible to timing oracle attacks, allowing attackers to determine credentials and gain full access.","title":"Doveadm Credentials Vulnerable to Timing Oracle Attack (CVE-2026-27856)","url":"https://feed.craftedsignal.io/briefs/2026-03-doveadm-timing-oracle/"}],"language":"en","title":"CraftedSignal Threat Feed — Timing Oracle","version":"https://jsonfeed.org/version/1.1"}