EUVD-2023-0542

Malicious code in bioql PyPI...

CVE-2014-125055

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

GO-2023-1294 easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt

easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt...

Timing Attacks

github.com/agnivade/easy-scrypt is vulnerable to Timing Attacks. The vulnerability exists because the VerifyPassphrase function of scrypt.go does not compare hashes in constant time, allowing an attacker to progressively use the timing of the request to identify a valid hash...

easy-scrypt Observable Timing Discrepancy vulnerability

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 can address this issue. The name of the patch is...

GHSA-R894-5R7V-7RX3 easy-scrypt Observable Timing Discrepancy vulnerability

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 can address this issue. The name of the patch is...

CVE-2014-125055

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVE-2014-125055

The CVE concerns the Go library agnivade/easy-scrypt. Affected is the VerifyPassphrase function in scrypt.go, where an observable timing discrepancy is introduced due to the underlying implementation flaw. Per multiple sources, upgrading to version 1.0.0 fixes the issue (patch: 477c10cf3b144ddf96...

CVE-2014-125055 agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult...

Observable Timing Discrepancy

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is...

agnivade easy-scrypt 安全漏洞

easy-scrypt is a primitive scrypt library available in Go by Agniva De Sarker's personal developer. A security vulnerability exists in agnivade easy-scrypt. An attacker has exploited the vulnerability to cause observable time discrepancies...