Lucene search
Veracode Vulnerability DatabaseVERACODE:38908HistoryJan 18, 2023 - 5:28 a.m.
Timing Attacks
2023-01-1805:28:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
github
easy-scrypt
timing attacks
verifypassphrase
scrypt.go
vulnerable
EPSS
0.002
Percentile
65.2%
github.com/agnivade/easy-scrypt is vulnerable to Timing Attacks. The vulnerability exists because the VerifyPassphrase function of scrypt.go does not compare hashes in constant time, allowing an attacker to progressively use the timing of the request to identify a valid hash.
Related
gitlab
gitlab
Observable Timing Discrepancy
2023-01-07 00:00:00
osv
osv
easy-scrypt Observable Timing Discrepancy vulnerability in github.com/agnivade/easy-scrypt
2024-08-20 20:25:58
easy-scrypt Observable Timing Discrepancy vulnerability
2023-01-07 09:30:17
prion
prion
Design/Logic Flaw
2023-01-07 09:15:00
cvelist
cvelist
cve
cve
CVE-2014-125055
2023-01-07 09:15:21
nvd
nvd
CVE-2014-125055
2023-01-07 09:15:21
github
github
easy-scrypt Observable Timing Discrepancy vulnerability
2023-01-07 09:30:17