The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote malicious users to determine passwords via a timing side-channel attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bitcoin bitcoin core 0.8.1 |