darkhttpd
by darkhttpd
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-23771 | 0.00 | — | 0.00 | Jan 22, 2024 | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | |||
| CVE-2024-23770 | 0.00 | — | 0.00 | Jan 22, 2024 | darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. |
- CVE-2024-23771Jan 22, 2024risk 0.00cvss —epss 0.00
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.
- CVE-2024-23770Jan 22, 2024risk 0.00cvss —epss 0.00
darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.