2 matches found
CVE-2023-32691 ginuerzh/gost vulnerable to Timing Attack
gost GO Simple Tunnel is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not...
CVE-2023-32691
CVE-2023-32691 affects gost (GO Simple Tunnel) written in Go. The root cause is untrusted input from an HTTP header being compared directly to a secret (not using constant-time comparison), enabling a side-channel timing attack to guess secrets. The common remediation is to switch to constant-tim...