Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43017
HistoryAug 30, 2023 - 10:30 p.m.

Timing Attack

2023-08-3022:30:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
python3.9
improper access control
hmac.py
timing attack
cryptographic applications
software

0.001 Low

EPSS

Percentile

22.9%

python3.9 is vulnerable to Improper Access Control. The vulnerability exists due to a flaw in the way the hmac.compare_digest() function in the Lib/hmac.py module compares two message digests. An attacker can exploit this vulnerability to distinguish between different message digests, which could be used to defeat certain cryptographic applications.