CVE-2024-30257: 1Panel's password verification is suspected to have a timing attack vulnerability
(updated )
源码中密码校验处使用 != 符号,而不是hmac.Equal
,这可能导致产生计时攻击漏洞,从而爆破密码。
建议使用 hmac.Equal
比对密码。
Translation:
The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac. Equal to compare passwords.
References
Detect and mitigate CVE-2024-30257 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →