Affected versions of cookie-signature
are vulnerable to timing attacks as a result of using a fail-early comparison instead of a constant-time comparison.
Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on the correctness of a guess via miniscule timing differences.
Under favorable network conditions, an attacker can exploit this to guess the secret in no more than charset*length
guesses, instead of charset^length
guesses required were the timing attack not present.
Update to 1.0.4 or later.
CPE | Name | Operator | Version |
---|---|---|---|
cookie-signature | lt | 1.0.4 |
bugs.debian.org/cgi-bin/bugreport.cgi?bug=838618
bugzilla.redhat.com/show_bug.cgi?id=1371409
bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000236
github.com/tj/node-cookie-signature
github.com/tj/node-cookie-signature/commit/2c4df6b6cee540f30876198cd0b5bebf28528c07
github.com/tj/node-cookie-signature/commit/39791081692e9e14aa62855369e1c7f80fbfd50e
github.com/tj/node-cookie-signature/commit/4cc5e21e7f59a4ea0b51cd5e9634772d48fab590
nvd.nist.gov/vuln/detail/CVE-2016-1000236
security-tracker.debian.org/tracker/CVE-2016-1000236
travis-ci.com/nodejs/security-wg/builds/76423102
www.mail-archive.com/[email protected]/msg06583.html
www.npmjs.com/advisories/134