Date published: 2017-09-01T17:29:00.563-04:00
Date last modified: 2017-09-05T21:36:28.093-04:00
CVSS Score: 4.3
Principal attack vector: NETWORK
Reference URL: https://simplesamlphp.org/security/201703-01
Summary: The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.