A sneaky vulnerability where an attacker figures out a secret by measuring how long an operation takes — like a password check that quits early on a mismatch, leaking how many characters matched. The fix is comparing values in constant time, so the duration gives nothing away.
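
The early-exit check and its constant-time replacement, side by side, as an added example that is not part of the original page. The function names and the sample token are constructed for illustration, and the count of bytes examined stands in for elapsed time so the difference is visible without a stopwatch.

```python
import hmac

SECRET = b"s3cr3t-token"  # constructed sample value, not a real credential


def leaky_equal(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (match, bytes_examined); the work done
    grows with the length of the matching prefix, which is the leak."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        if s != g:
            return False, examined  # quits at the first mismatch
    return True, examined


def constant_time_equal(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Touches every byte and folds all differences into one accumulator,
    so the work done does not depend on where the first mismatch is."""
    if len(secret) != len(guess):
        # Length is still observable; compare fixed-length values
        # (for example MACs or hashes) when that matters.
        return False, 0
    diff = 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        diff |= s ^ g  # no branch on secret-dependent data
    return diff == 0, examined


def verify_token(secret: bytes, guess: bytes) -> bool:
    """What to ship: the standard library's constant-time comparison."""
    return hmac.compare_digest(secret, guess)


def work_profile(compare) -> list[int]:
    """Bytes examined for guesses sharing 0, 3 and 11 leading bytes."""
    guesses = [b"xxxxxxxxxxxx", b"s3cxxxxxxxxx", b"s3cr3t-tokeX"]
    return [compare(SECRET, g)[1] for g in guesses]


if __name__ == "__main__":
    print("early exit   :", work_profile(leaky_equal))
    print("constant time:", work_profile(constant_time_equal))
```

The hand-written constant-time loop is there to show the idea; in Python, interpreter overhead makes hand-rolled timing guarantees unreliable, so `hmac.compare_digest` is the function to call in real code.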