darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-22T00:00:00
Updated: 2024-08-01T23:13:07.546Z
Reserved: 2024-01-22T00:00:00
Link: CVE-2024-23771
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-22T04:15:07.723
Modified: 2024-01-26T19:24:40.873
Link: CVE-2024-23771
Redhat
No data.