AIKIDO-2025-10663
github.com/hashicorp/consul is vulnerable to Observable Timing Discrepancy
20
Low Risk
This Affects:
github.com/hashicorp/consulTL;DR
Affected versions of this package are vulnerable to a timing attack due to the failure to use constant-time comparisons for sensitive values. This vulnerability occurs when the code compares sensitive data like passwords or tokens in a non-constant time manner, allowing differences in execution time to be measured. An attacker can exploit this by sending numerous requests with guessed values and analyzing the response times to infer correct characters or values incrementally. It could lead to the disclosure of sensitive information and unauthorized access to systems or user accounts.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
github.com/hashicorp/consul is vulnerable to Observable Timing Discrepancy in versions 1.13.0 - 1.21.4.
How to fix this
Upgrade the github.com/hashicorp/consul library to the patch version.
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant