github.com/pivotal-cf/on-demand-services-sdk is vulnerable to a timing attack. The SDK verifies credentials with an insecure method, which allows a remote attacker to send multiple authentication requests to the server, analyze the server's response times to discover valid credentials, and gain access to the application.
Name | Operator | Version |
---|---|---|
github.com/pivotal-cf/on-demand-services-sdk | eq | HEAD |
github.com/pivotal-cf/on-demand-services-sdk | le | 0.23.0 |
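The class of flaw described above, shown as an added illustration in Go (the SDK's language); this is not the SDK's own code. All function names and credentials are hypothetical, and the hardened check uses the standard library's `crypto/subtle`.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// insecureCheck: == can stop at the first differing byte, so timing tracks the guess.
func insecureCheck(gotUser, gotPass, wantUser, wantPass string) bool {
	return gotUser == wantUser && gotPass == wantPass
}

// constantTimeEqual hashes to a fixed 32 bytes so neither prefix nor length leaks.
func constantTimeEqual(a, b string) bool {
	ha, hb := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	return subtle.ConstantTimeCompare(ha[:], hb[:]) == 1
}

// secureCheck evaluates both fields on every call before combining them.
func secureCheck(gotUser, gotPass, wantUser, wantPass string) bool {
	userOK := constantTimeEqual(gotUser, wantUser)
	return constantTimeEqual(gotPass, wantPass) && userOK
}

// protectedHandler (hypothetical name) guards an empty 200 response with Basic auth.
func protectedHandler(wantUser, wantPass string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		if !ok || !secureCheck(u, p, wantUser, wantPass) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		}
	})
}

// statusFor sends one in-memory request and returns the HTTP status.
func statusFor(h http.Handler, user, pass string) int {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.SetBasicAuth(user, pass)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() { // credentials below are constructed sample values
	fmt.Println(statusFor(protectedHandler("admin", "constructed-secret"), "admin", "constructed-secreX"))
}
```

Both checks accept and reject the same inputs; the difference is only that the time taken by `secureCheck` does not depend on how many leading bytes of a guess are correct.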