Timing Vulnerability in Basic Authentication of Ruby on Rails by Action Controller
CVE-2015-7576
3.7 LOW
What is CVE-2015-7576?
The Basic Authentication implementation in Action Controller of Ruby on Rails contains a timing attack vulnerability that allows remote attackers to bypass authentication mechanisms. Specifically, the method responsible for verifying credentials does not utilize a constant-time algorithm, enabling attackers to exploit timing variations to gain unauthorized access.
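
The difference between an early-exit comparison and a constant-time one, as an added illustration (this is not Rails' code or its patch; the method names and credentials are hypothetical and constructed for the example):

```ruby
require "digest"

# Constructed sample credentials for illustration (not from the advisory).
EXPECTED_USER = "admin"
EXPECTED_PASS = "s3cret-constructed"

# Models an early-exit comparison: it stops at the first mismatching byte.
# Returns [equal?, byte positions examined]; the second value is the leak,
# because the work done depends on how much of the guess is correct.
def early_exit_compare(a, b)
  return [false, 0] unless a.bytesize == b.bytesize
  steps = 0
  a.bytes.zip(b.bytes) do |x, y|
    steps += 1
    return [false, steps] unless x == y
  end
  [true, steps]
end

# Constant-time comparison: hash both inputs to a fixed length, then
# OR together the XOR of every byte pair so the loop never exits early.
# Returns [equal?, byte positions examined]; the count is always 32.
def secure_compare(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  diff = 0
  da.bytes.zip(db.bytes) { |x, y| diff |= x ^ y }
  [diff.zero?, da.bytesize]
end

# Vulnerable shape: data-dependent comparisons joined by short-circuit &&.
def authenticate_vulnerable(user, pass)
  user == EXPECTED_USER && pass == EXPECTED_PASS
end

# Hardened shape: both fields are always compared in constant time, and
# the non-short-circuit & keeps a wrong user name from skipping the second check.
def authenticate_hardened(user, pass)
  user_ok, = secure_compare(user, EXPECTED_USER)
  pass_ok, = secure_compare(pass, EXPECTED_PASS)
  user_ok & pass_ok
end
```

In a Rails application, the maintained equivalent of `secure_compare` is `ActiveSupport::SecurityUtils.secure_compare`.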