Fedora Account System
Red Hat Associate
Red Hat Customer
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. https://github.com/emikulic/darkhttpd/commit/f477619d49f3c4de9ad59bd194265a48ddc03f04 https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15
Created darkhttpd tracking bugs for this issue: Affects: epel-all [bug 2259493] Affects: fedora-all [bug 2259494]