GHSA-8VXV-2G8P-2249 Observable Timing Discrepancy in totp-rs

Impact Token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Patches Library now used constant-time comparison. Workarounds No. For more...

CVE-2022-29185

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password TOTP. Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The...

Design/Logic Flaw

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password TOTP. Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The...

CVE-2022-29185 Observable Timing Discrepancy in totp-rs

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password TOTP. Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The...

CVE-2022-29185

CVE-2022-29185 affects the Rust library totp-rs. Prior to version 1.1.0, token comparison was not constant time, which could theoretically allow guessing a TOTP token value and reusing it within the same time window, assuming the attacker knew the password. Patch 1.1.0 introduces a constant-time ...

CVE-2022-29185 Observable Timing Discrepancy in totp-rs

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password TOTP. Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The...