CWE-385 - Covert Timing Channel


Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. In some instances, knowing when data is transmitted between parties can provide a malicious user with privileged information. Also, externally monitoring the timing of operations can potentially reveal sensitive data. Covert channels are frequently classified as either storage or timing channels. They can lead to information exposure.The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-385


Description of CWE-385 on Mitre website