The (1) Htpasswd authentication source in the authcrypt module and (2)
SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote
attackers to conduct timing side-channel attacks by leveraging use of the
standard comparison operator to compare secret material against user input.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | simplesamlphp | < any | UNKNOWN |