@perfood/couch-auth Observable Timing Discrepancy Vulnerability

Vulnerability

A timing side-channel vulnerability has been identified in the authentication logic of @perfood/couch-auth version 0.26.0. This vulnerability allows remote attackers to access sensitive information by exploiting the timing discrepancy in the authentication process, potentially leading to the guessing of sensitive tokens.

Impact

Exploitation of this vulnerability could allow attackers to perform side-channel attacks that guess sensitive tokens, which could be used to compromise user accounts or access restricted resources.

Added: Mar 5, 2026, 9:25 PM

Updated: Mar 5, 2026, 9:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

3.5

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

3.5

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

@perfood/couch-auth Observable Timing Discrepancy Vulnerability

Vulnerability

Impact

Affected Products

@perfood/couch-auth

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating