CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-4165

The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.3%

CVSS Severity

CVSS v2 Score 4.3

References

http://openwall.com/lists/oss-security/2013/07/25/5
https://github.com/bitcoin/bitcoin/issues/2838
https://github.com/bitcoin/bitcoin/pull/2845
http://openwall.com/lists/oss-security/2013/07/25/5
https://github.com/bitcoin/bitcoin/issues/2838
https://github.com/bitcoin/bitcoin/pull/2845

Products affected by CVE-2013-4165

Bitcoin » Bitcoin Core » Version: 0.8.1

cpe:2.3:a:bitcoin:bitcoin_core:0.8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-4165

Products

Pricing

Contact Us