GHSA-3wfh-36rx-9537: Timing Attack Vulnerability in SCRAM Authentication

1. GitHub Advisory Database
2. GitHub Reviewed
3. GHSA-3wfh-36rx-9537

Timing Attack Vulnerability in SCRAM Authentication

Moderate severity GitHub Reviewed Published Sep 16, 2025 in ongres/scram • Updated Sep 16, 2025

Package

maven com.ongres.scram:scram-common (Maven)

Impact

A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted.

Patches

This vulnerability has been patched by replacing Arrays.equals with MessageDigest.isEqual, which ensures constant-time comparison.

Users should upgrade to version 3.2 or later to mitigate this issue.

Workarounds

Because the attack requires high precision and repeated attempts, the risk is limited, but the only reliable mitigation is to upgrade to a patched release (version 3.2 or later).

References

• Java MessageDigest.isEqual Documentation

References

• GHSA-3wfh-36rx-9537
• ongres/scram@f049756
• https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte%5B%5D,byte%5B%5D)

Published to the GitHub Advisory Database

Sep 16, 2025

Last updated

Sep 16, 2025