{"uuid": "fd96107a-abe1-40dd-919e-3fec5669c7a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32691", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1233", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32691\n\ud83d\udd39 Description: gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`. \n\n\ud83d\udccf Published: 2023-05-30T03:06:06.080Z\n\ud83d\udccf Modified: 2025-01-10T20:45:20.000Z\n\ud83d\udd17 References:\n1. https://github.com/ginuerzh/gost/security/advisories/GHSA-qjrq-hm79-49ww\n2. https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46", "creation_timestamp": "2025-01-10T21:04:06.000000Z"}