
Potential timing channels in RealmBase.java


Yu Feng
Hi,

I am a researcher at UT Austin.

Recently I found a timing channel that will leak information about the
existence of a user:
https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/realm/RealmBase.java#L399

Assuming the ServerDigest is sensitive, then doing pure string comparison
will cause another timing channel:
https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/realm/RealmBase.java#L428


Here is more information about timing attacks:
https://codahale.com/a-lesson-in-timing-attacks/

Thanks,
Yu

--
Yu Feng
Graduate Research Assistant
UT Austin | Computer Science
512-954-7627 | [hidden email]
http://www.cs.utexas.edu/~yufeng/
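The two channels described in the post, shown side by side with a hardened variant, as an added example that is not Tomcat's code and not from the poster. The realm name, the sample user, the `md5Hex` helper and the `DUMMY_DIGEST` trick (computing against a fixed placeholder digest so that unknown users take the same code path as known ones) are this example's own assumptions; MD5 is used only because the HTTP Digest scheme the realm implements is defined over MD5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

// Added example (not Tomcat's own code). Contrasts a digest check that leaks
// timing on (1) whether the user exists and (2) how many leading characters of
// the digest match, with a version that closes both channels.
public class DigestAuthTimingExample {

    // Constructed sample store: username -> hex MD5 of "user:realm:password",
    // the HA1 value that HTTP Digest authentication compares against.
    private static final String REALM = "Example Realm"; // assumed realm name
    private static final Map<String, String> USERS = new HashMap<>();
    static {
        USERS.put("alice", md5Hex("alice:" + REALM + ":correct horse"));
    }

    // Placeholder digest for unknown users so the comparison always runs.
    // Assumption: any fixed, well-formed digest serves this purpose.
    private static final String DUMMY_DIGEST = md5Hex("nobody:" + REALM + ":placeholder");

    static String md5Hex(String s) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] out = md.digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(out.length * 2);
            for (byte b : out) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 unavailable", e);
        }
    }

    // Leaky version: an unknown user returns before any digest work is done
    // (channel 1), and String.equals stops at the first differing character,
    // so response time grows with the length of the matching prefix (channel 2).
    static boolean authenticateLeaky(String user, String clientDigest) {
        String stored = USERS.get(user);
        if (stored == null) {
            return false;
        }
        return stored.equals(clientDigest);
    }

    // Hardened version: always perform the comparison, against a placeholder
    // when the user is unknown, and compare with MessageDigest.isEqual, which
    // examines every byte of equal-length inputs before answering.
    static boolean authenticateConstantTime(String user, String clientDigest) {
        String stored = USERS.get(user);
        boolean userExists = stored != null;
        byte[] expected = (userExists ? stored : DUMMY_DIGEST).getBytes(StandardCharsets.US_ASCII);
        byte[] provided = clientDigest.getBytes(StandardCharsets.US_ASCII);
        boolean match = MessageDigest.isEqual(expected, provided);
        // Non-short-circuit '&' so both operands are always evaluated.
        return userExists & match;
    }

    public static void main(String[] args) {
        String good = md5Hex("alice:" + REALM + ":correct horse");
        String bad = md5Hex("alice:" + REALM + ":wrong");
        System.out.println("leaky   alice/good: " + authenticateLeaky("alice", good));
        System.out.println("leaky   alice/bad : " + authenticateLeaky("alice", bad));
        System.out.println("leaky   bob/good  : " + authenticateLeaky("bob", good));
        System.out.println("hardened alice/good: " + authenticateConstantTime("alice", good));
        System.out.println("hardened alice/bad : " + authenticateConstantTime("alice", bad));
        System.out.println("hardened bob/good  : " + authenticateConstantTime("bob", good));
    }
}
```

Both versions return the same booleans; the difference is only in how much work is done on each path. The hardened version still leaks nothing useful through `MessageDigest.isEqual`'s length check here because every well-formed digest has the same length; if client input could have a different length, reject it on length before comparing rather than relying on the comparison to handle it.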