express-basic-auth@0.2.0

Vulnerabilities 1 via 1 paths
Dependencies 1
Source npm
Package express-basic-auth

low severity

Timing Attack

  • Vulnerable module: express-basic-auth
  • Introduced through: express-basic-auth@0.2.0

Detailed paths

  • Introduced through: express-basic-auth@0.2.0
    Remediation: Upgrade to express-basic-auth@1.1.7.

Overview

express-basic-auth is a simple plug & play HTTP basic auth middleware for Express.

Affected versions of this package are vulnerable to a Timing Attack because they compare passwords with the native string comparison, as opposed to a constant-time comparison.

Remediation

Upgrade express-basic-auth to version 1.1.7 or higher.
