Home > Vulnerability Database > WS-2021-0151

Mend.io Vulnerability Database

WS-2021-0151

Good to know:

Date: June 8, 2021

In “Bitwarden/web”, v1.6.0 to v1.9.1 do not properly implement a defense against timing attacks on mac verification. This allows a remote attacker to guess the correct bytes of the tag by looping over all possible first bytes and stop when verification takes a little longer, by repeating this process for all tag bytes an attacker will obtain a valid tag.

Language: TYPE_SCRIPT

Severity Score

3.7

Related Resources (2)

Url: https://github.com/bitwarden/web/commit/7d0a34fcebe4174a4cebf3f198ffcf0bed8b8682

Url: https://www.mend.io/vulnerability-database/WS-2021-0151

Severity Score

3.7

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Top Fix

Upgrade Version

Upgrade to version v1.10.0

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0151

Good to know:

Date: June 8, 2021

Language: TYPE_SCRIPT

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?