jpvanhal / flask-basicauth

HTTP basic access authentication for Flask.
https://flask-basicauth.readthedocs.io/

check_credentials not constant time string compare #21

Open MRoci opened 5 years ago

MRoci commented 5 years ago

check_credentials does not use a constant time string comparison method. This behaviour is unsafe and I think it could lead to a potential timing attack.
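The comparison pattern the issue describes, next to a constant-time form, as an added example that is not the project's code or part of the original report. The function names, the plain `config` dict and its sample values are assumptions made for illustration.

```python
import hmac

# Constructed sample configuration (hypothetical values, not from the project).
CONFIG = {"BASIC_AUTH_USERNAME": "admin", "BASIC_AUTH_PASSWORD": "pässword-123"}


def check_credentials_naive(username, password, config=CONFIG):
    """Illustrative '==' check: string equality may return at the first
    differing character, so response time can depend on the matching prefix."""
    return (username == config["BASIC_AUTH_USERNAME"]
            and password == config["BASIC_AUTH_PASSWORD"])


def _to_bytes(value):
    # hmac.compare_digest accepts str only when it is pure ASCII; encoding to
    # UTF-8 lets non-ASCII credentials compare instead of raising TypeError.
    if value is None:
        return b""
    return value.encode("utf-8") if isinstance(value, str) else bytes(value)


def check_credentials(username, password, config=CONFIG):
    """Compare both fields with hmac.compare_digest and no short-circuit."""
    expected_user = config.get("BASIC_AUTH_USERNAME")
    expected_pass = config.get("BASIC_AUTH_PASSWORD")
    # Fail closed when credentials are not configured; otherwise an empty
    # submitted value would equal the empty fallback from _to_bytes(None).
    if not expected_user or not expected_pass:
        return False
    user_ok = hmac.compare_digest(_to_bytes(username), _to_bytes(expected_user))
    pass_ok = hmac.compare_digest(_to_bytes(password), _to_bytes(expected_pass))
    # Bitwise & evaluates both results, so a wrong username does not skip the
    # password comparison the way `and` would.
    return bool(user_ok & pass_ok)


if __name__ == "__main__":
    print(check_credentials("admin", "pässword-123"))  # valid pair
    print(check_credentials("admin", "pässword-124"))  # one character off
```

`hmac.compare_digest` removes the dependence on where the first mismatch occurs; inputs of different length may still be distinguishable by timing, as the Python documentation notes.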