Erwan Legrand

**Name of the Vulnerable Software and Affected Versions** Rhonabwy versions 1.1.13 and earlier **Description** The issue is related to HMAC signature verification, which uses a strcmp function. This function is vulnerable to side-channel attacks because it stops the comparison when the first difference is spotted in the two signatures. The fix involves using gnutls memcmp, which has constant-time execution. **Recommendations** For versions 1.1.13 and earlier, update to a version that uses gnutls memcmp for HMAC signature verification to prevent side-channel attacks. As a temporary workaround, consider restricting access to HMAC signature verification until a patch is available.