Name of the Vulnerable Software and Affected Versions Adyen (affected versions not specified)

Description The issue concerns the is valid hmac and is valid hmac notification methods in Adyen's utility for validating notification HMAC signatures. These methods are susceptible to a timing attack. To mitigate this, comparing the hash of the HMACs is recommended instead of the current approach.

Recommendations For all affected versions, consider modifying the is valid hmac and is valid hmac notification methods to compare the hash of the HMACs instead of the current implementation to prevent timing attacks.