CouchDB Message Digest Verification Security Bypass Vulnerability

CouchDB is prone to a security-bypass vulnerability because it compares message digests using a variable-time algorithm.

Successfully exploiting this issue allows an attacker to determine if a forged digest is partially correct; repeated attacks will allow them to determine specific, legitimate digests.

Versions prior to CouchDB 0.11 are vulnerable.
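
The comparison flaw described above, shown as an added example that is not CouchDB's own (Erlang) code: an early-exit comparison does work that depends on how many leading bytes match, while an accumulate-and-check comparison does not. The function names, the key and message values, and the use of HMAC-SHA1 are assumptions made for illustration; bytes examined are counted instead of measuring wall-clock time so the difference is deterministic.

```python
import hashlib
import hmac

def variable_time_equal(expected: bytes, supplied: bytes):
    """Early-exit comparison (the vulnerable pattern); returns (match, bytes_examined)."""
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined  # work done reveals the mismatch position
    return True, examined

def constant_time_equal(expected: bytes, supplied: bytes):
    """Hardened pattern: OR together the XOR of every byte pair, decide at the end."""
    if len(expected) != len(supplied):
        return False, 0
    diff = examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        diff |= a ^ b  # no branch on secret-dependent data
    return diff == 0, examined

def verify_digest(key: bytes, message: bytes, supplied: bytes) -> bool:
    """Production-style check using the standard library's constant-time compare."""
    expected = hmac.new(key, message, hashlib.sha1).digest()
    return hmac.compare_digest(expected, supplied)

# Constructed sample values, not taken from CouchDB.
KEY = b"constructed-server-secret"
MESSAGE = b"constructed-message"
GOOD = hmac.new(KEY, MESSAGE, hashlib.sha1).digest()
WRONG_FIRST = bytes([GOOD[0] ^ 0xFF]) + GOOD[1:]    # differs at byte 0
WRONG_LAST = GOOD[:-1] + bytes([GOOD[-1] ^ 0xFF])   # differs at the last byte

if __name__ == "__main__":
    for label, forged in (("first byte wrong", WRONG_FIRST), ("last byte wrong", WRONG_LAST)):
        print(label, variable_time_equal(GOOD, forged), constant_time_equal(GOOD, forged))
```

In application code, prefer the platform's vetted constant-time primitive (here `hmac.compare_digest`) over a hand-written loop.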


 

Copyright 2010, SecurityFocus