The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails prior to 3.2.22.1, 4.0.x and 4.1.x prior to 4.1.14.1, 4.2.x prior to 4.2.5.1, and 5.x prior to 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote malicious users to bypass authentication by measuring timing differences.
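
The difference between an early-exit credential comparison and a constant-time one, as an added Ruby example (not the Rails code or its patch). The method names, the step counter and the sample secret are constructed for illustration; the step count stands in for the running time a remote client could measure.

```ruby
require "digest"

SECRET = "s3cret-pass" # constructed sample credential

# Early-exit comparison, the pattern behind the timing leak. Returns the result
# and the number of byte comparisons done, which grows with the matching prefix.
def leaky_compare(expected, given)
  steps = 0
  return [false, steps] unless expected.bytesize == given.bytesize
  expected.bytes.zip(given.bytes) do |a, b|
    steps += 1
    return [false, steps] unless a == b
  end
  [true, steps]
end

# Constant-time comparison: hash both sides to a fixed length (so the secret's
# length is not exposed), then XOR-accumulate every byte with no early exit.
def constant_time_compare(expected, given)
  a = Digest::SHA256.digest(expected).bytes
  b = Digest::SHA256.digest(given).bytes
  diff = 0
  steps = 0
  a.each_with_index do |byte, i|
    diff |= byte ^ b[i]
    steps += 1
  end
  [diff.zero?, steps]
end

# Hypothetical helper: check a Basic Auth name/password pair. Both fields are
# always compared, and `&` (not `&&`) avoids short-circuiting on the name.
def credentials_valid?(name, password, given_name, given_password)
  name_ok, = constant_time_compare(name, given_name)
  pass_ok, = constant_time_compare(password, given_password)
  name_ok & pass_ok
end

if __FILE__ == $PROGRAM_NAME
  ["x3cret-pass", "s3cret-pasX", SECRET].each do |guess|
    puts format("%-12s leaky=%p constant=%p", guess,
                leaky_compare(SECRET, guess), constant_time_compare(SECRET, guess))
  end
end
```

The leaky version does 1 comparison for a guess that is wrong in its first byte and 11 for one that is wrong only in its last; the constant-time version does 32 in every case.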

Vulnerable Product |
---|
rubyonrails rails 4.2.4 |
rubyonrails rails 4.2.3 |
rubyonrails rails 4.2.1 |
rubyonrails rails 4.2.0 |
rubyonrails rails 4.1.14 |
rubyonrails rails 4.1.10 |
rubyonrails rails 4.1.7.1 |
rubyonrails rails 4.1.7 |
rubyonrails rails 4.1.2 |
rubyonrails rails 4.1.0 |
rubyonrails ruby on rails 4.0.13 |
rubyonrails rails 4.0.10 |
rubyonrails rails 4.0.9 |
rubyonrails rails 4.0.5 |
rubyonrails rails 4.0.4 |
rubyonrails rails 4.0.1 |
rubyonrails rails 4.0.0 |
rubyonrails rails 4.2.5 |
rubyonrails rails 4.1.12 |
rubyonrails ruby on rails 4.1.11 |
rubyonrails rails 4.1.9 |
rubyonrails rails 4.1.8 |
rubyonrails rails 4.1.4 |
rubyonrails rails 4.1.3 |
rubyonrails ruby on rails 4.0.10 |
rubyonrails rails 4.0.6 |
rubyonrails rails 4.2.2 |
rubyonrails rails 4.1.13 |
rubyonrails rails 4.1.6 |
rubyonrails rails 4.1.1 |
rubyonrails ruby on rails 4.0.12 |
rubyonrails rails 4.0.8 |
rubyonrails rails 4.0.7 |
rubyonrails rails 4.0.3 |
rubyonrails rails 4.0.2 |
rubyonrails rails 5.0.0 |
rubyonrails rails 4.1.5 |
rubyonrails ruby on rails 4.0.11.1 |
rubyonrails ruby on rails 4.0.11 |
rubyonrails ruby on rails |