webfsd
webfsd copied to clipboard
Published
20 hours ago •
ourway
ourway
fix possible timing attack along with a few typo
side channel attack mitigation
Basic auth timing attacks in other http server implementation shares the same pattern with webfsd, it will be better to replace early-return comparison with constant-time comparison. some other case:
- CVE-2024-23771 and its corresponding patch
- PSV-2020-0365 and detailed blog post from Microsoft research team
typo correction
some words are misspelt
