2 vulns 1 line in RNCryptor (PHP) + Call to Action

Posted by Scott Arciszewski on Jun 10

Hi Full Disclosure,

RNCryptor is a data format specificiation for AES encryption, with AES-256,

Their PHP implementation has two vulnerabilities in the same line of code,
which looks like this:

return ($components->hmac == $this->_generateHmac($components, $hmacKey));

The issues here:

1. A timing side-channel.
2. Use of the == operator can treat strings as floats, depending on the
input

We have opened a Github issue about this and…

Leave a Reply