The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and previous versions allow remote malicious users to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simplesamlphp simplesamlphp |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |