Affected versions of cookie-signature
are vulnerable to timing attacks as a result of using a fail-early comparison instead of a constant-time comparison.
Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on the correctness of a guess via miniscule timing differences.
Under favorable network conditions, an attacker can exploit this to guess the secret in no more than charset*length
guesses, instead of charset^length
guesses required were the timing attack not present.
Update to 1.0.4 or later.
{ "nvd_published_at": null, "github_reviewed_at": "2019-12-27T22:19:47Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-362" ] }