CVE-2022-31742 - log

CVE-2022-31742 edited at 07 Jun 2022 22:26:36
Severity
- Unknown
+ Medium
Type
- Unknown
+ Information disclosure
Description
+ An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals.
References
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1730434
Notes
CVE-2022-31742 created at 07 Jun 2022 22:17:04