csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2018-05-31T20:00:00Z
Updated: 2024-09-17T01:30:58.704Z
Reserved: 2017-10-29T00:00:00
Link: CVE-2016-10535
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-05-31T20:29:01.207
Modified: 2019-10-09T23:16:43.980
Link: CVE-2016-10535
Redhat
No data.