CVE-2013-4165

Published: Aug 2, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.

Affected (1)

Products: Bitcoin: Bitcoin Core

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bitcoin Bitcoin Core	Version 0.8.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://openwall.com/lists/oss-security/2013/07/25/5

Source: secalert@redhat.com

https://github.com/bitcoin/bitcoin/issues/2838

Source: secalert@redhat.com

https://github.com/bitcoin/bitcoin/pull/2845

Source: secalert@redhat.com

http://openwall.com/lists/oss-security/2013/07/25/5

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/bitcoin/bitcoin/issues/2838

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/bitcoin/bitcoin/pull/2845

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.