CVE-2016-10535 - OpenCVE

csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Csrf-lite Project	Csrf-lite

Configuration 1 [-]

cpe:2.3:a:csrf-lite_project:csrf-lite:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/isaacs/csrf-lite/pull/1
https://nodesecurity.io/advisories/94

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2018-05-31T20:00:00Z

Updated: 2024-09-17T01:30:58.704Z

Reserved: 2017-10-29T00:00:00

Link: CVE-2016-10535

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-05-31T20:29:01.207

Modified: 2019-10-09T23:16:43.980

Link: CVE-2016-10535

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "csrf-lite node module", "vendor": "HackerOne", "versions": [{"status": "affected", "version": "<=0.1.1"}]}], "datePublic": "2018-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-208", "description": "Information Exposure Through Timing Discrepancy (CWE-208)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-31T19:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nodesecurity.io/advisories/94"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/isaacs/csrf-lite/pull/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2018-04-26T00:00:00", "ID": "CVE-2016-10535", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "csrf-lite node module", "version": {"version_data": [{"version_value": "<=0.1.1"}]}}]}, "vendor_name": "HackerOne"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Exposure Through Timing Discrepancy (CWE-208)"}]}]}, "references": {"reference_data": [{"name": "https://nodesecurity.io/advisories/94", "refsource": "MISC", "url": "https://nodesecurity.io/advisories/94"}, {"name": "https://github.com/isaacs/csrf-lite/pull/1", "refsource": "MISC", "url": "https://github.com/isaacs/csrf-lite/pull/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:21:52.227Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nodesecurity.io/advisories/94"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/isaacs/csrf-lite/pull/1"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2016-10535", "datePublished": "2018-05-31T20:00:00Z", "dateReserved": "2017-10-29T00:00:00", "dateUpdated": "2024-09-17T01:30:58.704Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:csrf-lite_project:csrf-lite:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "C5A32B42-CEBC-41AE-AB94-68CD045F7334", "versionEndIncluding": "0.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present."}, {"lang": "es", "value": "csrf-lite es una biblioteca de protecci\u00f3n contra Cross-Site Request Forgery (CSRF) para los sitios node sin framework. csrf-lite emplea \"===\", una comparaci\u00f3n de cadena \"fail first\", en lugar de una comparaci\u00f3n de cadena \"time constant\". Esto permite que un atacante adivine el secreto en un m\u00e1ximo de (16*18)288 intentos, en lugar de los 16^18 intentos necesarios si no existiese un ataque de sincronizaci\u00f3n."}], "id": "CVE-2016-10535", "lastModified": "2019-10-09T23:16:43.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-31T20:29:01.207", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://github.com/isaacs/csrf-lite/pull/1"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/94"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-208"}], "source": "support@hackerone.com", "type": "Secondary"}]}