CVE-2016-10535
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2016-10535. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present.
Available Exploits
Related News
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
Affected Packages
CVSS Scoring
CVSS Score
References
Advisory provided by GitHub Security Advisory Database. Published: February 18, 2019, Modified: August 31, 2020