
CVE-2025-59432: Timing Attack Vulnerability in SCRAM Authentication

CVSS Score: N/A

Basic Information

EPSS Score: -
Published: 9/16/2025
Updated: 9/22/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.ongres.scram:scram-common | maven | < 3.2 | 3.2 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability is a timing side-channel attack in the SCRAM authentication mechanism. The root cause is the use of java.util.Arrays.equals to compare cryptographic secrets (client proofs and server signatures). Arrays.equals performs a byte-by-byte comparison and returns false as soon as a mismatch is found. This means the execution time of the comparison depends on the number of matching bytes from the beginning of the arrays. An attacker can measure the server's response time to repeated authentication attempts with slightly different proofs/signatures to incrementally guess the correct secret, byte by byte.

The provided patch f04975680d4a67bc84cc6c61bbffd5186223e2e2 addresses this by replacing the vulnerable Arrays.equals calls with java.security.MessageDigest.isEqual. MessageDigest.isEqual is intended for comparing cryptographic values: it examines every byte rather than stopping at the first mismatch, so its execution time does not depend on the contents of the arrays or on where they first differ. This constant-time comparison removes the timing side channel.

The analysis of the patch clearly shows two functions where this insecure comparison was performed:

  1. com.ongres.scram.common.ScramFunctions.verifyClientProof: This function verifies the client's proof. The patch replaces Arrays.equals with MessageDigest.isEqual for comparing the computed stored key with the provided one.
  2. com.ongres.scram.common.ScramFunctions.verifyServerSignature: This function verifies the server's signature. The patch similarly replaces Arrays.equals with MessageDigest.isEqual.

These two functions are the points where an attacker would interact with the system to exploit the vulnerability. Therefore, they are the key runtime indicators for this CVE. Any security monitoring or profiling tool should look for these functions in stack traces related to SCRAM authentication failures or unusual timing patterns.
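The following is an added example, not code from the ongres/scram project, that reimplements a simplified SCRAM-SHA-256 verifier (RFC 5802 / RFC 7677) to show the before-and-after of the two functions named above: the client-proof check with the short-circuiting `Arrays.equals`, the same check with `MessageDigest.isEqual`, and the server-signature check with the fix applied. All class and method names, the demo password and the AuthMessage string are this example's own constructed values; a real server derives SaltedPassword with PBKDF2 and the real project's method signatures differ.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: simplified SCRAM-SHA-256 verification showing the vulnerable
// comparison next to the patched one. Not the ongres/scram project's code.
public final class ScramCompareExample {

    static byte[] hmacSha256(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    static byte[] sha256(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    static byte[] xor(byte[] a, byte[] b) {
        byte[] out = new byte[a.length];
        for (int i = 0; i < a.length; i++) {
            out[i] = (byte) (a[i] ^ b[i]);
        }
        return out;
    }

    // Server side: ClientSignature = HMAC(StoredKey, AuthMessage);
    // ClientKey = ClientProof XOR ClientSignature; the server recomputes H(ClientKey)
    // and compares it with the StoredKey it holds for the user.
    static byte[] storedKeyFromProof(byte[] storedKey, byte[] authMessage, byte[] clientProof) throws Exception {
        byte[] clientSignature = hmacSha256(storedKey, authMessage);
        return sha256(xor(clientProof, clientSignature));
    }

    // BEFORE the fix: Arrays.equals returns at the first mismatching byte, so the
    // time taken depends on how many leading bytes of the recomputed key match.
    static boolean verifyClientProofVulnerable(byte[] storedKey, byte[] authMessage, byte[] clientProof) throws Exception {
        if (clientProof.length != storedKey.length) return false;
        return Arrays.equals(storedKey, storedKeyFromProof(storedKey, authMessage, clientProof));
    }

    // AFTER the fix: MessageDigest.isEqual examines every byte, so the running
    // time does not depend on where the first difference is.
    static boolean verifyClientProofFixed(byte[] storedKey, byte[] authMessage, byte[] clientProof) throws Exception {
        if (clientProof.length != storedKey.length) return false;
        return MessageDigest.isEqual(storedKey, storedKeyFromProof(storedKey, authMessage, clientProof));
    }

    // Client side: ServerSignature = HMAC(ServerKey, AuthMessage); the same fix applies.
    static boolean verifyServerSignatureFixed(byte[] serverKey, byte[] authMessage, byte[] receivedSignature) throws Exception {
        return MessageDigest.isEqual(hmacSha256(serverKey, authMessage), receivedSignature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo values; a real deployment derives SaltedPassword with PBKDF2.
        byte[] saltedPassword = sha256("constructed-salted-password".getBytes(StandardCharsets.UTF_8));
        byte[] clientKey = hmacSha256(saltedPassword, "Client Key".getBytes(StandardCharsets.UTF_8));
        byte[] serverKey = hmacSha256(saltedPassword, "Server Key".getBytes(StandardCharsets.UTF_8));
        byte[] storedKey = sha256(clientKey);
        byte[] authMessage = "n=user,r=cnonce,r=cnonce-snonce,s=c2FsdA==,i=4096,c=biws,r=cnonce-snonce"
                .getBytes(StandardCharsets.UTF_8);

        // What an honest client sends and what an honest server answers.
        byte[] clientProof = xor(clientKey, hmacSha256(storedKey, authMessage));
        byte[] serverSignature = hmacSha256(serverKey, authMessage);

        // A proof with one bit flipped must be rejected by both versions.
        byte[] tampered = clientProof.clone();
        tampered[0] ^= 0x01;

        check(verifyClientProofVulnerable(storedKey, authMessage, clientProof), "vulnerable: good proof");
        check(!verifyClientProofVulnerable(storedKey, authMessage, tampered), "vulnerable: tampered proof");
        check(verifyClientProofFixed(storedKey, authMessage, clientProof), "fixed: good proof");
        check(!verifyClientProofFixed(storedKey, authMessage, tampered), "fixed: tampered proof");
        check(verifyServerSignatureFixed(serverKey, authMessage, serverSignature), "fixed: server signature");
        System.out.println("all checks passed");
    }

    private static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
    }
}
```

Both versions return the same boolean for every input; the difference is only in how long the rejection path takes, which is exactly what a timing side channel exploits. Note that `MessageDigest.isEqual` still returns immediately when the two arrays differ in length, so a verifier should only ever compare values of a fixed, hash-sized length (as SCRAM proofs and signatures are) and treat any other length as a protocol error before comparing.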

Vulnerable functions

  1. com.ongres.scram.common.ScramFunctions.verifyClientProof (scram-common/src/main/java/com/ongres/scram/common/ScramFunctions.java): The function uses `Arrays.equals` to compare the client's proof with the expected value. `Arrays.equals` does not run in constant time, making it vulnerable to a timing attack that could leak information about the stored key.
  2. com.ongres.scram.common.ScramFunctions.verifyServerSignature (scram-common/src/main/java/com/ongres/scram/common/ScramFunctions.java): The function uses `Arrays.equals` to compare the server's signature with the expected value. `Arrays.equals` does not run in constant time, making it vulnerable to a timing attack that could leak information about the server's signature.

WAF Protection Rules

WAF Rule

### Impact

A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because `Arrays.equals` was used to compare secret values such as client proofs and server signatures. Since `Arrays.equals` performs a short-circuit
