kohana/core is vulnerable to timing attacks. The library is vulnerable because it does not compare hashes in constant-time, which allows attackers to use the timing of the request to progressively identify a valid hash.
CPE | Name | Operator | Version |
---|---|---|---|
kohana/core | le | 3.3.2 |