[SERVER-21016] Use constant time comparison for SCRAM1 signature comparisons
Created: 19/Oct/15  Updated: 07/Dec/16  Resolved: 13/Nov/15

Status: Closed
Project: Core Server
Component/s: Internal Client
Affects Version/s: 3.0.7, 3.2.0-rc0
Fix Version/s: 3.2.0-rc3

Type: Bug
Priority: Major - P3
Reporter: Mark Benvenuto
Assignee: Mark Benvenuto
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platform B (10/30/15), Platform C (11/20/15)
Participants:

 Description   

Per DRIVERS-255, client implementations of SCRAM should use constant-time memory comparisons to verify the hash.



 Comments   
Comment by Githook User [ 06/Dec/15 ]

Author: Andrew Morrow (acmorrow) <acm@mongodb.com>

Message: CXX-657 Use constant time comparison for SCRAM1 signature comparisons

Cherry-picked from server commit
618a5ef908ac5787eb80166ada3914f4db7d3c37 for SERVER-21016
Branch: legacy
https://github.com/mongodb/mongo-cxx-driver/commit/d32226e2522c920cd37f455392142cd33e331e30

Comment by Githook User [ 13/Nov/15 ]

Author: Mark Benvenuto (markbenvenuto) <mark.benvenuto@mongodb.com>

Message: SERVER-21016 Use constant time comparison for SCRAM1 signature comparisons
Branch: master
https://github.com/mongodb/mongo/commit/618a5ef908ac5787eb80166ada3914f4db7d3c37
