Home > Vulnerability Database > WS-2021-0151

Mend.io Vulnerability Database

WS-2021-0151

Good to know:

Date: June 8, 2021

In “Bitwarden/web”, v1.6.0 to v1.9.1 do not properly implement a defense against timing attacks on mac verification. This allows a remote attacker to guess the correct bytes of the tag by looping over all possible first bytes and stop when verification takes a little longer, by repeating this process for all tag bytes an attacker will obtain a valid tag.

Language: TYPE_SCRIPT

Severity Score

5.8

Related Resources (2)

Url: https://github.com/bitwarden/web/commit/7d0a34fcebe4174a4cebf3f198ffcf0bed8b8682

Url: https://www.mend.io/vulnerability-database/WS-2021-0151

Severity Score

5.8

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Top Fix

Upgrade Version

Upgrade to version v1.10.0

Learn More

CVSS v3

Base Score:	5.8
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

Mend.io Vulnerability Database

We found results for “”

WS-2021-0151

Good to know:

Date: June 8, 2021

Language: TYPE_SCRIPT

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

Do you need more information?