Описание
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:glitchedpolygons:l8w8jwt:2.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-203
CWE-203
Связанные уязвимости
CVSS3: 9.8
github
почти 2 года назад
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
EPSS
Процентиль: 13%
0.00044
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-203
CWE-203