Timing attack in password validation

The equality test in our authentication system is not constant-time, which allows a user with a sufficiently stable, fast connection to the server to check hash prefixes.
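The leak described above, shown as an added example that is not this project's code: an early-exit comparison next to a constant-time one, with a count of bytes examined standing in for elapsed time so the result is deterministic. All function names and the sample hash are constructed for illustration.

```python
import hashlib
import hmac

def early_exit_equal(a: bytes, b: bytes):
    """Equality test that stops at the first mismatching byte.
    Returns (equal, bytes_examined); bytes_examined models elapsed time."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined  # work done depends on the matching prefix
    return True, examined

def constant_time_equal(a: bytes, b: bytes):
    """Examines every byte no matter where the first mismatch occurs."""
    if len(a) != len(b):
        return False, 0
    diff = examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y  # accumulate differences, never branch on them
    return diff == 0, examined

def verify(stored_hex: str, candidate_hex: str) -> bool:
    """Hardened form: the standard library's constant-time comparison."""
    return hmac.compare_digest(stored_hex.encode(), candidate_hex.encode())

# Constructed sample hash (not taken from the advisory).
STORED = hashlib.sha256(b"constructed-sample-password").hexdigest().encode()

def with_matching_prefix(n: int) -> bytes:
    """Candidate that agrees with STORED on the first n bytes and nowhere else."""
    tail = bytes(ord("0") if c != ord("0") else ord("1") for c in STORED[n:])
    return STORED[:n] + tail

def work_profile(compare):
    """Bytes examined for candidates sharing 0, 8, 16 and 32 leading bytes."""
    return [compare(STORED, with_matching_prefix(n))[1] for n in (0, 8, 16, 32)]
```

`work_profile(early_exit_equal)` grows with the length of the matching prefix, while `work_profile(constant_time_equal)` is flat, which is the property the fix needs.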

Information for security researchers

CVE Identifier: CVE-2012-5507
Impact Subscore: 2.9
Exploitability Subscore: 3.2
Overall CVSS Score: 1.4
Vector: (AV:A/AC:H/Au:N/C:P/I:N/A:N/E:P/RL:O/RC:C)
CWE: CWE-208
Credit: Bastian Blank