The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| simplesamlphp/simplesamlphp(Packagist) | 0 | 1.15.0-rc1 | N/A |
CVSS Metrics
