Lucene search
HistoryJan 22, 2024 - 4:15 a.m.
CVE-2024-23771
darkhttpd
1.15
authentication
vulnerability
cve-2024-23771
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.1%
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.
Affected configurations
Node
unix4lyfedarkhttpdRange<1.15
| CPE | Name | Operator | Version |
|---|---|---|---|
| unix4lyfe:darkhttpd | unix4lyfe darkhttpd | lt | 1.15 |
Related
alpinelinux
alpinelinux
CVE-2024-23771
2024-01-22 04:15:07
veracode
veracode
Timing Side-Channel Attack
2024-01-30 16:42:20
osv
osv
CVE-2024-23771
2024-01-22 04:15:07
nvd
nvd
CVE-2024-23771
2024-01-22 04:15:07
prion
prion
Authentication flaw
2024-01-22 04:15:00
cvelist
cvelist
CVE-2024-23771
2024-01-22 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.1%
Related for CVE-2024-23771