GO Simple Tunnel Security Vulnerability

GO Simple Tunnel is a GO language implementation of a secure tunnel by ginuerzh individual developers. A security vulnerability exists in GO Simple Tunnel version 2.11.5, which stems from an authentication bypass issue in the SSH service that allows an attacker to intercept communication via a...

CVE-2023-32691

CVE-2023-32691 affects gost (GO Simple Tunnel) written in Go. The root cause is untrusted input from an HTTP header being compared directly to a secret (not using constant-time comparison), enabling a side-channel timing attack to guess secrets. The common remediation is to switch to constant-tim...

GO Simple Tunnel 安全漏洞

GO Simple Tunnel is a secure tunnel implemented in the GO language by ginuerzh individual developers. GO Simple Tunnel suffers from a security vulnerability that stems from the fact that sensitive information such as passwords, tokens, and API keys can only be compared using a constant-time...

PT-2023-23965 · Gost · Gost

Name of the Vulnerable Software and Affected Versions: gost GO Simple Tunnel affected versions not specified Description: The issue arises from the comparison of untrusted input, sourced from an HTTP header, with a secret using a non-constant time comparison function. This allows an attacker to...