PT-2023-10334 · Viafintech · Viafintech Barzahlen Payment Module Php Sdk
Adiebler · Published 2023-01-08 · Updated 2024-05-17 · CVE-2016-15015
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
viafintech Barzahlen Payment Module PHP SDK versions up to 2.0.0
Description
A vulnerability was found in the viafintech Barzahlen Payment Module PHP SDK, affecting the verify function of the file src/Webhook.php. The manipulation leads to an observable timing discrepancy. The complexity of an attack is rather high, and the exploitability is difficult.
Recommendations
For viafintech Barzahlen Payment Module PHP SDK versions up to 2.0.0, upgrade to version 2.0.1 to address this issue. As a temporary workaround, consider disabling the verify function of the src/Webhook.php file until the patch is applied.
Fix
Side Channel Attack
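The timing discrepancy described above, shown as an added example that is not the SDK's own code. It assumes the webhook signature is a hex HMAC-SHA256 of the raw request body under a shared key; the header name and function names are hypothetical. A timing-dependent comparison sits beside PHP's constant-time hash_equals().

```php
<?php
declare(strict_types=1);

// Added example, not the SDK's code. Assumed scheme: the sender signs the raw
// request body with HMAC-SHA256 under a shared key and sends the hex digest
// in a header. The header name below is hypothetical.
const SIGNATURE_HEADER = 'X-Example-Signature';

// Timing-dependent: === may return at the first differing byte, so the time
// taken can reveal how long a prefix of the supplied signature is correct.
function verify_leaky(string $key, string $body, string $received): bool
{
    return hash_hmac('sha256', $body, $key) === $received;
}

// Hardened: hash_equals() takes the same time wherever the strings differ.
// The known (expected) string goes first, the user-supplied one second.
function verify_constant_time(string $key, string $body, string $received): bool
{
    $expected = hash_hmac('sha256', $body, $key);
    return hash_equals($expected, $received);
}

// Returns the HTTP status a webhook endpoint would answer with.
function handle_webhook(array $headers, string $body, string $key): int
{
    $received = $headers[SIGNATURE_HEADER] ?? null;
    // A missing, non-string or wrong-length header is rejected before any
    // comparison; hash_equals() throws a TypeError on non-string arguments.
    // The digest length (64 hex characters) is public, so this leaks nothing.
    if (!is_string($received) || strlen($received) !== 64) {
        return 400;
    }
    return verify_constant_time($key, $body, $received) ? 200 : 401;
}

// Constructed sample input.
$key  = 'constructed-demo-key';
$body = '{"event":"paid","slip_id":"slp-constructed"}';
$good = hash_hmac('sha256', $body, $key);
$bad  = substr($good, 0, 63) . ($good[63] === '0' ? '1' : '0');

var_dump(handle_webhook([SIGNATURE_HEADER => $good], $body, $key)); // valid signature
var_dump(handle_webhook([SIGNATURE_HEADER => $bad], $body, $key));  // last hex digit changed
var_dump(handle_webhook([], $body, $key));                          // header missing
```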
Affected Products
Viafintech Barzahlen Payment Module Php Sdk