osv, Google, OSV:GHSA-F3Q4-GGFP-JV34
History: Aug 30, 2024 - 6:51 p.m.

Adyen APIs Library for Python timing attack vulnerability

2024-08-30 18:51:58
Google
osv.dev
adyen
python
library
timing attack
vulnerability
notification hmac
hash comparison
software

AI Score

7.1

Confidence

High

The Adyen APIs Library for Python has utility methods for validating notification HMAC signatures. The is_valid_hmac and is_valid_hmac_notification methods are vulnerable to a timing attack; you should compare the hash of the HMACs instead.
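The following is an added example, not code from the Adyen library or from the advisory. It counts how many bytes an early-exit comparison examines before rejecting a forged signature, then applies the advisory's mitigation of comparing hashes of the HMACs. The key, payload and all function names are constructed for illustration, and the use of hmac.compare_digest on the hashed values is an addition beyond what the advisory states.

```python
import hashlib
import hmac

# Constructed sample values, not real Adyen keys or notification payloads.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
PAYLOAD = b"constructed:notification:payload"


def sign(key: bytes, payload: bytes) -> bytes:
    """HMAC-SHA256 of the payload (hypothetical helper, raw digest bytes)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def leaky_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Also returns the number of byte pairs examined,
    which stands in for the running time an observer could measure."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1  # work done grows with the correct prefix
    return True, len(a)


def forged(expected: bytes, n_correct: int) -> bytes:
    """Constructed forgery: first n_correct bytes right, the rest flipped."""
    return expected[:n_correct] + bytes(b ^ 0xFF for b in expected[n_correct:])


def verify_hashed(key: bytes, payload: bytes, received: bytes) -> bool:
    """Mitigation from the advisory: compare hashes of the two HMACs.
    A partly correct guess no longer yields a partly correct comparand,
    because hashing scrambles the relationship between guess and prefix.
    compare_digest (standard library, constant time) is added on top."""
    expected = sign(key, payload)
    return hmac.compare_digest(
        hashlib.sha256(expected).digest(),
        hashlib.sha256(received).digest(),
    )


if __name__ == "__main__":
    good = sign(KEY, PAYLOAD)
    for n in (0, 1, 8, 31):
        ok, steps = leaky_equal(good, forged(good, n))
        print(f"correct prefix={n:2d} leaky steps={steps:2d} "
              f"hashed verify={verify_hashed(KEY, PAYLOAD, forged(good, n))}")
    print("valid signature accepted:", verify_hashed(KEY, PAYLOAD, good))
```

The step count in the early-exit version tracks the length of the correct prefix, which is the signal a timing attack relies on; the hashed comparison rejects every forgery without exposing that relationship.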
