Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
agnivade easy-scrypt scrypt.go VerifyPassphrase timing discrepancy
Vulnerability Description
A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
agnivade easy-scrypt 安全漏洞
Vulnerability Description
easy-scrypt是Agniva De Sarker个人开发者的一个 Go 中可用的原始 scrypt 库。 agnivade easy-scrypt存在安全漏洞。攻击者利用该漏洞导致可观察到的时间存在差异。
CVSS Information
N/A
Vulnerability Type
N/A