Adyen has utility methods for validating notification HMAC signatures. The is_valid_hmac
and is_valid_hmac_notification
methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-347" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-08-30T18:51:58Z" }