codeql icon indicating copy to clipboard operation
codeql copied to clipboard

Published 20 hours ago verified publisher icon github

Java: Timing attack

Open ahmed-farid-dev opened this issue 3 years ago • 4 comments
trafficstars

A constant-time algorithm should be used for checking the value of info. In other words, the comparison time should not depend on the content of the input, Otherwise, an attacker may be able to implement a timing attacks that may reveal the value of sensitive info

ahmed-farid-dev avatar Apr 07 '22 03:04 ahmed-farid-dev

Hi, any update ?

ahmed-farid-dev avatar Apr 13 '22 21:04 ahmed-farid-dev

Security lab are making their initial assessment. That can take a couple of weeks.

smowton avatar Apr 13 '22 21:04 smowton

Hi, It's been five months. Any update?

ahmed-farid-dev avatar Sep 08 '22 11:09 ahmed-farid-dev

We will review the PR here once the conversation at https://github.com/github/securitylab/issues/664 about what the query should do has been resolved

smowton avatar Sep 13 '22 11:09 smowton