Kingroryga

**Name of the Vulnerable Software and Affected Versions** memcached versions prior to 1.6.42 **Description** Username data for SASL password database authentication contains a timing side channel. This occurs because the `sasl server userdb checkpass()` function utilizes a loop that terminates immediately upon finding a valid username, allowing an attacker to potentially infer valid usernames based on the time the server takes to respond. **Recommendations** Update to version 1.6.42 or later.

**Name of the Vulnerable Software and Affected Versions** memcached versions prior to 1.6.42 **Description** Password data for SASL password database authentication contains a timing side channel. This occurs because the `sasl server userdb checkpass()` function utilizes `memcmp`, which can allow an attacker to infer information about the password based on the time taken to perform the comparison. **Recommendations** Update to version 1.6.42 or later.