anvilresearch / connect

A modern authorization server built to authenticate your users and protect your APIs

http://anvil.io

Insecure dependencies - HMAC flaw

bjamesvERT opened this issue 7 years ago · comments

BrandonJV commented 7 years ago

passport-saml 0.15.0 has a number of remotely-exploitable security defects, including possible HMAC key recovery

https://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/

https://snyk.io/test/github/anvilresearch/connect.git?severity=high&severity=medium&severity=low