github.com/ginuerzh/gost is vulnerable to Timing Attacks. The vulnerability exists because the Authenticate
function of auth.go
does not properly compare sensitive secrets such as passwords, tokens and API keys using constant-time comparison, which allows an attacker to guess a secret by observing a difference in processing time for valid and invalid inputs.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/ginuerzh/gost | le | v2.11.5 |