Timing Attack

express-basic-auth is vulnerable to timing attacks. The usage of native string comparison allows a remote attacker to guess secrets such as user passwords by analyzing server response time on different input...