Closed pfirmstone closed 2 years ago
Describe the bug An attacker can guess the secret value of [getEncoded]() because it is compared using [java.util.Arrays.equals](), which is vulnerable to timing attacks. Use java.security.MessageDigest.isEqual to compare values securely.
Describe the bug An attacker can guess the secret value of [getEncoded]() because it is compared using [java.util.Arrays.equals](), which is vulnerable to timing attacks. Use java.security.MessageDigest.isEqual to compare values securely.