Timing Side-Channel Attack in Htpasswd Authentication and SimpleSAMLphp Session
CVE-2017-12872 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.
Learn more about our User Device Pen Test.