Affected versions of cookie-signature
are vulnerable to timing attacks as a result of using a fail-early comparison instead of a constant-time comparison.
Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on the correctness of a guess via miniscule timing differences.
Under favorable network conditions, an attacker can exploit this to guess the secret in no more than charset*length
guesses, instead of charset^length
guesses required were the timing attack not present.
Update to 1.0.6 or later.
CPE | Name | Operator | Version |
---|---|---|---|
cookie-signature | le | 1.0.5 |