CWE-208 Base Incompleto

Observable Timing Discrepancy

This vulnerability occurs when an application takes measurably different amounts of time to perform different operations, such as checking a password or processing a request. An attacker can observe…

Definición

What is CWE-208?

This vulnerability occurs when an application takes measurably different amounts of time to perform different operations, such as checking a password or processing a request. An attacker can observe these timing differences to learn sensitive information, like whether a username is valid or a cryptographic key guess is correct.
Timing discrepancies act as a side channel, leaking information through the back door of performance. Even tiny, millisecond differences in response times can be statistically analyzed by an attacker to map out internal application logic, bypassing intended security controls. This is especially dangerous in authentication, authorization, and cryptographic functions where a 'fast fail' for an incorrect input can reveal its validity. To exploit this, attackers don't need direct access to error messages or data—they simply measure how long operations take. For example, a string comparison that stops at the first mismatched character will return faster for a wrong password starting with an incorrect letter than for one starting with the correct letter. Over many requests, this allows an attacker to gradually infer secrets, piece by piece, by observing which operations take longer to complete.
Impacto en el mundo real

Real-world CVEs caused by CWE-208

  • CVE-2019-10071

    Java-oriented framework compares HMAC signatures using String.equals() instead of a constant-time algorithm, causing timing discrepancies

  • CVE-2019-10482

    Smartphone OS uses comparison functions that are not in constant time, allowing side channels

  • CVE-2014-0984

    Password-checking function in router terminates validation of a password entry when it encounters the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.

  • CVE-2003-0078

    SSL implementation does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

  • CVE-2000-1117

    Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.

  • CVE-2003-0637

    Product uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.

  • CVE-2003-0190

    Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

  • CVE-2004-1602

    FTP server responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.

Cómo lo explotan los atacantes

Ruta del atacante paso a paso

  1. 1

    Consider an example hardware module that checks a user-provided password to grant access to a user. The user-provided password is compared against a golden value in a byte-by-byte manner.

  2. 2

    Since the code breaks on an incorrect entry of password, an attacker can guess the correct password for that byte-check iteration with few repeat attempts.

  3. 3

    To fix this weakness, either the comparison of the entire string should be done all at once, or the attacker is not given an indication whether pass or fail happened by allowing the comparison to run through all bits before the grant_access signal is set.

  4. 4

    In this example, the attacker observes how long an authentication takes when the user types in the correct password.

  5. 5

    When the attacker tries their own values, they can first try strings of various length. When they find a string of the right length, the computation will take a bit longer, because the for loop will run at least once. Additionally, with this code, the attacker can possibly learn one character of the password at a time, because when they guess the first character right, the computation will take longer than a wrong guesses. Such an attack can break even the most sophisticated password with a few hundred guesses.

Ejemplo de código vulnerable

Vulnerable Verilog

Consider an example hardware module that checks a user-provided password to grant access to a user. The user-provided password is compared against a golden value in a byte-by-byte manner.

Vulnerable Verilog 
always_comb @ (posedge clk)

 begin

```
   assign check_pass[3:0] = 4'b0;
   for (i = 0; i < 4; i++) begin
  	 if (entered_pass[(i*8 - 1) : i] eq golden_pass([i*8 - 1) : i])
  		 assign check_pass[i] = 1;
  		 continue;
  	 else
  		 assign check_pass[i] = 0;
  		 break;
  	 end
   assign grant_access = (check_pass == 4'b1111) ? 1'b1: 1'b0;
 end
Ejemplo de código seguro

Secure Verilog

To fix this weakness, either the comparison of the entire string should be done all at once, or the attacker is not given an indication whether pass or fail happened by allowing the comparison to run through all bits before the grant_access signal is set.

Seguro Verilog 
always_comb @ (posedge clk)
 begin

```
   assign check_pass[3:0] = 4'b0;
   for (i = 0; i < 4; i++) begin
  	 if (entered_pass[(i*8 - 1) : i] eq golden_pass([i*8 -1) : i])
  		 assign check_pass[i] = 1;
  		 continue;
  	 else
  		 assign check_pass[i] = 0;
  		 continue;
  	 end
   assign grant_access = (check_pass == 4'b1111) ? 1'b1: 1'b0;
 end
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de prevención

How to prevent CWE-208

  • Architecture Use safe-by-default frameworks and APIs that prevent the unsafe pattern from being expressible.
  • Implementation Validate input at trust boundaries; use allowlists, not denylists.
  • Implementation Apply the principle of least privilege to credentials, file paths, and runtime permissions.
  • Testing Cover this weakness in CI: SAST rules + targeted unit tests for the data flow.
  • Operation Monitor logs for the runtime signals listed in the next section.
Señales de detección

How to detect CWE-208

SAST High

Ejecuta análisis estático (SAST) sobre el código buscando el patrón inseguro en el flujo de datos.

DAST Moderate

Ejecuta pruebas dinámicas de seguridad de aplicaciones (DAST) contra el endpoint en vivo.

Runtime Moderate

Vigila los logs en tiempo de ejecución para detectar trazas de excepción inusuales, entradas malformadas o intentos de bypass de autorización.

Code review Moderate

Revisión de código: marca cualquier código nuevo que maneje entrada desde esta superficie sin usar los helpers validados del framework.

Auto-corrección de Plexicus

Plexicus detecta automáticamente CWE-208 y abre un PR de corrección en menos de 60 segundos.

Codex Remedium escanea cada commit, identifica esta debilidad concreta y entrega un pull request listo para revisión con el parche. Sin tickets. Sin traspasos.

Solicitar demo Probar Plexicus gratis
Preguntas frecuentes

Frequently asked questions

¿Qué es CWE-208?

This vulnerability occurs when an application takes measurably different amounts of time to perform different operations, such as checking a password or processing a request. An attacker can observe these timing differences to learn sensitive information, like whether a username is valid or a cryptographic key guess is correct.

¿Qué gravedad tiene CWE-208?

MITRE no ha publicado una calificación de probabilidad de explotación para esta debilidad. Trátala como de impacto medio hasta que tu modelo de amenazas demuestre lo contrario.

¿Qué lenguajes o plataformas se ven afectados por CWE-208?

MITRE no ha especificado plataformas afectadas para esta CWE — puede aplicar a la mayoría de los stacks de aplicaciones.

¿Cómo puedo prevenir CWE-208?

Use safe-by-default frameworks, validate untrusted input at trust boundaries, and apply the principle of least privilege. Cover the data-flow signature in CI with SAST.

¿Cómo detecta y corrige Plexicus CWE-208?

El motor SAST de Plexicus detecta la firma de flujo de datos para CWE-208 en cada commit. Cuando hay coincidencia, nuestro agente Codex Remedium abre un PR de corrección con el código corregido, las pruebas y un resumen de una línea para el revisor.

¿Dónde puedo aprender más sobre CWE-208?

MITRE publica la definición canónica en https://cwe.mitre.org/data/definitions/208.html. También puedes consultar la documentación de OWASP y NIST para guías relacionadas.

Debilidades relacionadas

Weaknesses related to CWE-208

CWE-203 Padre

Observable Discrepancy

This vulnerability occurs when an application responds differently to unauthorized users based on internal conditions. Attackers can…

CWE-1300 Hermano

Improper Protection of Physical Side Channels

This vulnerability occurs when a hardware device lacks adequate safeguards against physical side-channel attacks. Attackers can exploit…

CWE-1303 Hermano

Non-Transparent Sharing of Microarchitectural Resources

This vulnerability occurs when a processor's internal performance features, like caches and branch predictors, are unintentionally shared…

CWE-204 Hermano

Observable Response Discrepancy

This vulnerability occurs when an application responds differently to similar requests, unintentionally leaking details about its internal…

CWE-205 Hermano

Observable Behavioral Discrepancy

This vulnerability occurs when an application behaves differently in ways that unauthorized users can detect. These observable differences…

CWE-385 Puede preceder

Covert Timing Channel

A covert timing channel is a security flaw where an attacker can deduce secret information by observing how long certain operations take…

CWE-327 Puede preceder

Use of a Broken or Risky Cryptographic Algorithm

The software relies on a cryptographic algorithm or protocol that is either fundamentally flawed or considered too weak by modern security…

CWE-1254 Hijo

Incorrect Comparison Logic Granularity

This vulnerability occurs when a system compares sensitive data, like passwords or authentication tokens, piece-by-piece instead of as a…

Recursos

Further reading

Listo cuando tú lo estés

Deja de pagar por desarrollador.
Empieza a cerrar el bucle.

Plexicus es el ASPM nativo de IA que escanea, filtra, corrige, pentestea y explica — de forma autónoma. Desarrolladores ilimitados, repos ilimitados, acciones de IA de uso justo. Nivel gratuito real, €269/mo anual cuando estés listo.

Comenzar gratis Reservar una demo