Veracode Vulnerability Database, VERACODE:40294
Apr 26, 2023 - 11:54 a.m.

Timing Attack

2023-04-26 11:54:37
Source: sca.analysiscenter.veracode.com
Tags: laravel, timing attack, sessionguard.php, http/2, vulnerability, multiplexing

EPSS: 0.001 (percentile: 46.5%)

laravel/framework is vulnerable to timing attacks. The vulnerability exists in the hasValidCredentials function of SessionGuard.php because a successful login request takes more time than an unsuccessful request due to HTTP/2 multiplexing, which allows an attacker to enumerate users via a timeless timing attack.
