CVE-2016-2041: Covert Timing Channel

February 20, 2016 (updated October 30, 2018)

libraries/common.inc.php in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

References

www.phpmyadmin.net/home_page/security/PMASA-2016-5.php
nvd.nist.gov/vuln/detail/CVE-2016-2041

Code Behaviors & Features

Detect and mitigate CVE-2016-2041 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →