Skip to content

Latest commit

 

History

History
executable file
·
39 lines (26 loc) · 1.23 KB

goahead-timing-attack-auth-bypass-xray-194044.md

File metadata and controls

executable file
·
39 lines (26 loc) · 1.23 KB
description title date_published last_updated xray_id vul_id cvss severity discovered_by type
CVE-2021-43298 Medium severity. A timing attack in GoAhead allows an attacker to perform authentication bypass on password-protected web pages
GoAhead timing attack auth bypass
2022-01-01
2022-01-01
XRAY-194044
CVE-2021-43298
5.3
medium
Omer Kaspi
vulnerability

Summary

A timing attack in GoAhead allows an attacker to perform authentication bypass on password-protected web pages

Component

GoAhead

Affected versions

(,5.1.3], fixed in 5.1.4

Description

The code that performs password matching when using "Basic" HTTP authentication does not use a constant-time memcmp. Furthermore – by default there is no rate-limiting on the number of guesses allowed before blocking the attacking IP. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver’s response time until the unauthorized (401) response.

PoC

No PoC is supplied for this issue

Vulnerability mitigations

No vulnerability mitigations are supplied for this issue

References

NVD