Описание
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.14.15-1 |
| bionic | not-affected | 1.14.15-1 |
| cosmic | not-affected | 1.14.15-1 |
| devel | not-affected | 1.14.15-1 |
| disco | not-affected | 1.14.15-1 |
| eoan | not-affected | 1.14.15-1 |
| esm-apps/bionic | not-affected | 1.14.15-1 |
| esm-apps/focal | not-affected | 1.14.15-1 |
| esm-apps/jammy | not-affected | 1.14.15-1 |
| esm-apps/noble | not-affected | 1.14.15-1 |
Показывать по
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.
The (1) Htpasswd authentication source in the authcrypt module and (2) ...
SimpleSAMLphp allows timing side-channel attacks
4.3 Medium
CVSS2
5.9 Medium
CVSS3