PT-2023-10125 · Agnivade · Easy-Scrypt

Published: 2023-01-07 · Updated: 2024-08-20 · CVE-2014-125055

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

agnivade easy-scrypt versions prior to 1.0.0

Description

A vulnerability was found in agnivade easy-scrypt, affecting the VerifyPassphrase function of the file scrypt.go. The manipulation leads to an observable timing discrepancy. The complexity of an attack is rather high, and exploitation is said to be difficult.

Recommendations

For versions prior to 1.0.0, upgrade to version 1.0.0 to address this issue. As a temporary workaround, consider disabling the VerifyPassphrase function until a patch is available.
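
The weakness class described above, as an added example that is not code from easy-scrypt or from this advisory. It assumes verification ends by comparing a stored key with a candidate key, and uses a step counter as a deterministic stand-in for running time; all function names and the sample key are constructed for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// earlyExitCompare is the pattern to avoid: it returns at the first
// mismatching byte, so the work done (steps) depends on the secret.
func earlyExitCompare(stored, candidate []byte) (equal bool, steps int) {
	for i := 0; i < len(stored) && i < len(candidate); i++ {
		steps++
		if stored[i] != candidate[i] {
			return false, steps
		}
	}
	return len(stored) == len(candidate), steps
}

// fullScanCompare examines every byte of equal-length inputs and only
// accumulates the difference, so steps is independent of the mismatch position.
func fullScanCompare(stored, candidate []byte) (equal bool, steps int) {
	if len(stored) != len(candidate) {
		return false, 0
	}
	var diff byte
	for i := range stored {
		steps++
		diff |= stored[i] ^ candidate[i]
	}
	return diff == 0, steps
}

// verifyKey is the form to use in practice: the standard library's
// constant-time comparison (hypothetical wrapper name).
func verifyKey(stored, candidate []byte) bool {
	return subtle.ConstantTimeCompare(stored, candidate) == 1
}

func main() {
	stored := []byte{0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04} // constructed sample key
	early := append([]byte{0x00}, stored[1:]...)                     // differs at byte 0
	late := append(append([]byte{}, stored[:7]...), 0xff)            // differs at byte 7
	for _, c := range [][]byte{early, late, stored} {
		_, a := earlyExitCompare(stored, c)
		_, b := fullScanCompare(stored, c)
		fmt.Printf("early-exit=%d full-scan=%d match=%v\n", a, b, verifyKey(stored, c))
	}
}
```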

Related Identifiers

CVE-2014-125055
GHSA-R894-5R7V-7RX3
GO-2023-1294

Affected Products

Easy-Scrypt