Veracode Vulnerability Database, VERACODE:11966
Jan 15, 2019 - 9:10 a.m.

Timing Attack Vulnerability In Basic Authentication

sca.analysiscenter.veracode.com
7

EPSS: 0.019 (Low), percentile 88.6%

Action Controller in the actionpack gem has a flaw in the way its basic authentication code compares usernames and passwords. Because of the flaw, an attacker can mount a timing attack: by measuring how long responses take and analyzing the differences, they can find a valid username and password.
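
The class of flaw described above, shown as an added Ruby example (not actionpack's code): an early-exit comparison beside a constant-time one. The function names and credentials are hypothetical, and the returned byte count stands in for the response time a client would observe.

```ruby
require 'digest'

# Constructed credentials for this example only.
EXPECTED_USER = 'admin'
EXPECTED_PASS = 's3cret-example'

# Early-exit comparison: stops at the first differing byte, so the work done
# (returned as the second element) depends on how much of the guess is right.
def early_exit_compare(guess, secret)
  return [false, 0] unless guess.bytesize == secret.bytesize
  examined = 0
  guess.bytes.zip(secret.bytes) do |g, s|
    examined += 1
    return [false, examined] unless g == s
  end
  [true, examined]
end

# Constant-time comparison: hash both inputs to a fixed length (hides the
# secret's length), then fold every byte pair into one accumulator.
def constant_time_compare(guess, secret)
  dg = Digest::SHA256.digest(guess)
  ds = Digest::SHA256.digest(secret)
  diff = 0
  examined = 0
  dg.bytes.zip(ds.bytes) do |g, s|
    diff |= g ^ s
    examined += 1
  end
  [diff.zero?, examined]
end

# Basic-auth check: non-short-circuit `&` so the password comparison runs
# even when the username is wrong.
def basic_auth_ok?(user, pass)
  constant_time_compare(user, EXPECTED_USER)[0] &
    constant_time_compare(pass, EXPECTED_PASS)[0]
end

if __FILE__ == $PROGRAM_NAME
  %w[xxxxx adxxx admix admin].each do |guess|
    puts format('%-6s early-exit=%p constant-time=%p', guess,
                early_exit_compare(guess, EXPECTED_USER),
                constant_time_compare(guess, EXPECTED_USER))
  end
end
```

In a Rails application, `ActiveSupport::SecurityUtils.secure_compare` is the existing helper for this kind of comparison.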