PT-2024-20075 · Darkhttpd · Darkhttpd

Matthias Gerstner · Published 2024-01-21 · Updated 2026-03-29 · CVE-2024-23771

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

darkhttpd versions prior to 1.15

Description

The issue arises from the use of strcmp (which is not constant time) to verify authentication, making it easier for remote attackers to bypass authentication via a timing side channel. This potentially allows attackers to gain unauthorized access.

Recommendations

For versions prior to 1.15, update to version 1.15 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the server to minimize the risk of exploitation.
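
The comparison problem described above, sketched in C as an added example (this is not darkhttpd's code or its 1.15 fix): a strcmp-based check next to a comparison whose work does not depend on where the first mismatch occurs. The function names and the `user:secret` credential are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Weak pattern: strcmp returns at the first differing byte, so the time it
 * takes grows with the length of the correctly guessed prefix. */
static int auth_ok_strcmp(const char *supplied, const char *expected) {
    return strcmp(supplied, expected) == 0;
}

/* Model of that early exit: how many byte pairs are examined. */
static size_t early_exit_steps(const char *supplied, const char *expected) {
    size_t i = 0;
    while (supplied[i] != '\0' && supplied[i] == expected[i])
        i++;
    return i + 1;
}

/* Constant-time form: the loop length depends only on the supplied string,
 * and every difference is folded into one accumulator with no early return.
 * steps (optional) receives the number of byte pairs examined. */
static int auth_ok_ct(const char *supplied, const char *expected, size_t *steps) {
    size_t ls = strlen(supplied), le = strlen(expected), i;
    /* volatile discourages the compiler from reintroducing a short-circuit */
    volatile unsigned char diff = (unsigned char)(ls != le);

    for (i = 0; i < ls; i++) {
        /* i % (le + 1) stays inside expected, including its terminator */
        diff |= (unsigned char)(supplied[i] ^ expected[i % (le + 1)]);
    }
    if (steps != NULL)
        *steps = i;
    return diff == 0;
}

int main(void) {
    const char *expected = "user:secret";   /* constructed credential */
    const char *guesses[] = { "Xser:secret", "user:Xecret", "user:secret" };
    for (size_t g = 0; g < 3; g++) {
        size_t ct_steps = 0;
        int ok = auth_ok_ct(guesses[g], expected, &ct_steps);
        printf("%-12s strcmp=%d steps=%zu | ct=%d steps=%zu\n", guesses[g],
               auth_ok_strcmp(guesses[g], expected),
               early_exit_steps(guesses[g], expected), ok, ct_steps);
    }
    return 0;
}
```

Where one is available, a vetted library primitive such as OpenSSL's `CRYPTO_memcmp` over fixed-length values is preferable to a hand-written loop.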

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2024-23771

Affected Products

Darkhttpd