CVE-2013-4165
Bitcoin Core 0.8.1 - Timing Side-Channel Information Disclosure via HTTP Authorization
Title source: llmDescription
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.
References (3)
Core 3
Core References
Issue Tracking x_refsource_misc
https://github.com/bitcoin/bitcoin/pull/2845
Issue Tracking x_refsource_misc
https://github.com/bitcoin/bitcoin/issues/2838
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/07/25/5
Scores
EPSS
0.0228
EPSS Percentile
81.0%
Details
CWE
CWE-200
Status
published
Products (1)
bitcoin/bitcoin_core
0.8.1
Published
Aug 02, 2013
Tracked Since
Feb 18, 2026