Memcached Timing Side-Channel Vulnerability in SASL Password Authentication

A timing side-channel vulnerability has been identified in Memcached versions prior to 1.6.42, specifically within the SASL password database authentication mechanism. The issue arises because the function used to compare passwords, 'memcmp', can be exploited to infer information about the password data through timing analysis. This vulnerability allows an attacker to potentially leak password bytes by measuring the time taken for comparisons to complete.

Impact

Exploitation of this vulnerability could lead to unauthorized access by allowing an attacker to deduce password information through timing discrepancies, thereby bypassing authentication mechanisms.

Reproduction

The vulnerability can be reproduced by enabling SASL authentication in Memcached and using a client to send authentication requests. By carefully timing the responses, it is possible to exploit the timing side-channel and infer password data. This can be automated with a script that measures response times and analyzes the data to extract leaked password bytes.

Remediation

Users are advised to upgrade to Memcached version 1.6.42 or later, where this vulnerability has been addressed.