anvilresearch/connect

Insecure dependencies - HMAC flaw

bjamesvERT opened this issue · 0 comments

passport-saml 0.15.0 has a number of remotely exploitable security defects, including possible HMAC key recovery.

https://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/

https://snyk.io/test/github/anvilresearch/connect.git?severity=high&severity=medium&severity=low