Comment 3 for bug 1325128
Revision history for this message
| Alex Gaynor (alex-gaynor) wrote Re: nova metadata does not use a constant time compare for validating an HMAC token | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
This particularly one hasn't been demonstrated to be exploitable, however this precise pattern has: http://
If someone more familiar with this bit of code and the implications can weigh in and says it's fine, I'm happy to just send up a CR for this.