3 matches found
CVE-2019-18887: Use constant time comparison in UriSigner
Affected versions: Symfony 2.8.0 to 2.8.51, 3.4.0 to 3.4.34, 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony HttpKernel component are affected by this security issue. The issue has been fixed in Symfony 2.8.52, 3.4.35, 4.2.12 and 4.3.8. Note that no fixes are provided for Symfony 3.0,...
Ian Dunn: Timing Attack in Google Authenticator - Per User Prompt
Google Authenticator - Per User Prompt contains a timing attack vulnerability in how it validates the application password for a user account. if ( sha1( $attemptedpasswordplaintext ) === $validpasswordhash || wp_check_password( $attemptedpasswordplaintext, $validpasswordhash...
Automattic: Timing attack woocommerce, simplify commerce gateway
file class-wc-gateway-simplify-commerce.php method return_handler e.g. where woocommerce marks the order regarding its payment / transaction. public function return_handler() { @ob_clean(); header( 'HTTP/1.1 200 OK' ); if ( isset( $_REQUEST['reference'] ) && isset( $_REQUEST['paymentId'] ) && isset( $_REQUEST['signature'] )...