Timing Attack Affecting node-forge Open this link in a new tab package, versions <0.6.33

  • Exploit Maturity


  • Attack Complexity


  • Confidentiality


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    26 Dec 2016

  • disclosed

    25 Jun 2015

  • credit

    Dave Longley

Introduced: 25 Jun 2015

CWE-208 Open this link in a new tab

How to fix?

Upgrade node-forge to version 0.6.33 or higher.


node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of the package are vulnerable to a Timing Attack due to unsafe HMAC comparison. The HMAC algorithm produces a keyed message by pairing a hash function with a cryptographic key. Both the key and a message serve as input to this algorithm, while it outputs a fixed-length digest output which can be sent with the message. Anyone who knows the key can repeat the algorithm and compare their calculated HMAC with one they have received, to verify a message originated from someone with knowledge of the key and has not been tampered with.

The problem begins when trying to compare two HMACs. This is the part of code that handles the comparison:

if(byteArrayA.length != byteArrayB.length) { return false; }
for(int i = 0; i < byteArrayA.length; i++) {
  if(byteArrayA[i] != byteArrayB[i]) { return false; }
return true;

The issue is that the more bytes match in the two arrays, the more comparisons are formed and the longer it'll take to return a result. This may allow attackers to brute force their way into the servers.