CVE-2013-4165

Bitcoin Core 0.8.1 - Timing Side-Channel Information Disclosure via HTTP Authorization

Title source: llm
STIX 2.1

Description

The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.

References (3)

Core 3
Core References
Issue Tracking x_refsource_misc
https://github.com/bitcoin/bitcoin/pull/2845
Issue Tracking x_refsource_misc
https://github.com/bitcoin/bitcoin/issues/2838
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2013/07/25/5

Scores

EPSS 0.0228
EPSS Percentile 81.0%

Details

CWE
CWE-200
Status published
Products (1)
bitcoin/bitcoin_core 0.8.1
Published Aug 02, 2013
Tracked Since Feb 18, 2026