Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Observable Timing Discrepancy in totp-rs
Vulnerability Description
totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
totp-rs 安全漏洞
Vulnerability Description
totp-rs是用于创建 2FA 身份验证令牌的工具。 totp-rs 1.1.0之前版本存在安全漏洞,该漏洞源于为每个基于时间的一次性密码 (TOTP) 创建 2FA 身份验证令牌。
CVSS Information
N/A
Vulnerability Type
N/A