8 matches found
Timing Attack
basic-auth-connect is vulnerable to Timing Attack. The vulnerability is due to improper implementation of the equality comparison, where the comparison function reveals differences in the time taken to process incorrect versus correct input, allowing an attacker to infer sensitive information bas...
20231122-npm (=1.0.0), @3dr/potree (=1.6.0) +3223 more potentially affected by CVE-2024-47178 via basic-auth-connect (=1.0.0)
basic-auth-connect NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on basic-auth-connect and may be impacted: - 20231122-npm =1.0.0 - @3dr/potree =1.6.0 - @inlimbo/nativeui =0.0.1, =0.0.0, =0.20.0, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.0.1...
basic-auth-connect's callback uses time unsafe string comparison
Impact basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information Patches this issue has been fixed in basic-auth-connect 1.1.0 References...
CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...
CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...
CVE-2024-47178
The CVE-2024-47178 issue affects basic-auth-connect (
basic-auth-connect 安全漏洞
basic-auth-connect is an expressjs open source basic authentication middleware for nodes and connections. A security vulnerability exists in basic-auth-connect versions prior to 1.1.0, which stems from the use of timing insecure equality comparisons, which can leak timing information...
PT-2024-32459 · Unknown · Basic-Auth-Connect
Name of the Vulnerable Software and Affected Versions: basic-auth-connect versions prior to 1.1.0 Description: The issue concerns a timing-unsafe equality comparison in basic-auth-connect that can leak timing information. This comparison can potentially allow an attacker to observe differences in...