Timing Attack Side-Channel on API Token Verification

ID H1:31167
Type hackerone
Reporter voodookobra
Modified 2014-10-25T18:11:13


Because tokens are compared with the === operator, this may be susceptible to timing attacks. More info:

This is probably not the lowest hanging fruit for an attacker, but it's something you might want to fix. :)

Replacement utility: