4 matches found
CVE-2015-10004
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC...
CVE-2015-10004
creationtimestamp| type| source ---|---|--- 2022-12-28 00:12:11+00:00| seen| https://t.me/cibsecurity/55456...
CVE-2015-10004 Timing side-channel in github.com/robbert229/jwt
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC...
CVE-2015-10004
CVE-2015-10004 corresponds to a timing side-channel vulnerability in the token validation path of the github.com/robbert229/jwt library. The underlying issue is a flawed HMAC comparison that leaks timing information, enabling an attacker to infer the expected HMAC with a high likelihood under a h...