Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ginuerzh/gost vulnerable to Timing Attack
Vulnerability Description
gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
通过差异性导致的信息暴露
Vulnerability Title
GO Simple Tunnel 安全漏洞
Vulnerability Description
GO Simple Tunnel是ginuerzh个人开发者的一个 GO 语言实现的安全隧道。 GO Simple Tunnel存在安全漏洞,该漏洞源于密码、令牌和API密钥等敏感信息只能使用恒定时间比较函数进行比较,这种比较是不安全的,攻击者可以发起侧信道定时攻击来猜测密码。
CVSS Information
N/A
Vulnerability Type
N/A