Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-21016

Use constant time comparison for SCRAM1 signature comparisons

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.2.0-rc3
    • Affects Version/s: 3.0.7, 3.2.0-rc0
    • Component/s: Internal Client
    • None
    • Fully Compatible
    • ALL
    • Platform B (10/30/15), Platform C (11/20/15)
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None

      Per DRIVERS-255, client implementations of SCRAM should use constant-time memory comparisons to verify the hash.

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: