Cryptographic Side Channel in OAuth Library

Disclosed: 2014-10-29 19:57:02 By voodookobra To wp-api
Vulnerability Details
Because hashes and tokens are compared with the `!==` and `===` operators, these checks may be susceptible to timing attacks.

More info: http://codahale.com/a-lesson-in-timing-attacks/

Affected code:
https://github.com/WP-API/OAuth1/blob/45197eca2925f5022192903d3639decd0ae1811c/lib/class-wp-json-authentication-oauth1.php#L562
https://github.com/WP-API/OAuth1/blob/45197eca2925f5022192903d3639decd0ae1811c/lib/class-wp-json-authentication-oauth1.php#L290
Report Stats
  • Report ID: 31168
  • State: Closed
  • Substate: resolved
  • Upvotes: 2
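
The comparison issue described in the report, as an added PHP example (not code from the report or from WP-API/OAuth1): an early-exit `!==` check on an OAuth 1.0a HMAC-SHA1 signature next to a constant-time check. The function names, secrets and base string are constructed for illustration.

```php
<?php
// Added example. All names and sample values below are constructed.

/**
 * Compare two strings without stopping at the first differing byte,
 * so the time taken does not reveal how long the matching prefix is.
 */
function constant_time_equals( $known, $user ) {
    if ( ! is_string( $known ) || ! is_string( $user ) ) {
        return false;
    }
    if ( function_exists( 'hash_equals' ) ) { // built in since PHP 5.6
        return hash_equals( $known, $user );
    }
    // Fallback for older PHP. The length of a MAC is public, so an
    // early return on a length mismatch leaks nothing secret.
    $len = strlen( $known );
    if ( $len !== strlen( $user ) ) {
        return false;
    }
    $diff = 0;
    for ( $i = 0; $i < $len; $i++ ) {
        // Accumulate differences; never branch on a secret byte.
        $diff |= ord( $known[ $i ] ) ^ ord( $user[ $i ] );
    }
    return 0 === $diff;
}

/** HMAC-SHA1 signature as defined by OAuth 1.0a (RFC 5849, section 3.4.2). */
function sign_base_string( $base_string, $consumer_secret, $token_secret ) {
    $key = rawurlencode( $consumer_secret ) . '&' . rawurlencode( $token_secret );
    return base64_encode( hash_hmac( 'sha1', $base_string, $key, true ) );
}

// Constructed request data.
$base     = 'GET&http%3A%2F%2Fexample.test%2Fwp-json%2F&oauth_nonce%3Dabc123';
$expected = sign_base_string( $base, 'consumer-secret', 'token-secret' );
$tampered = ( 'A' === $expected[0] ? 'B' : 'A' ) . substr( $expected, 1 );

// Weak: !== may return as soon as one byte differs.
$weak_rejects = ( $tampered !== $expected );

// Hardened: same verdicts, but every byte is always examined.
$hard_rejects = ! constant_time_equals( $expected, $tampered );
$hard_accepts = constant_time_equals( $expected, $expected );

var_dump( $weak_rejects, $hard_rejects, $hard_accepts );
```

Both checks return the same verdicts; the difference is only in how long a rejection takes, which is what the report is about.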