To avoid being susceptible to timing attacks, we should use a constant time comparison function.
Created attachment 17207
patch for master
This patch does not address uses of memcmp() in Heimdal; as it is a third-party library it must be patched separately.
The password_hash.c code should use this also; lots of password hash comparisons there. (Hard to exploit because the input is not a hash, but should be fixed for consistency.)
Our next step should be to confirm if we think this rises to the standard for a CVE, otherwise to just fix in public.
I've removed the embargo. This is an important thing to fix, but we wouldn't issue a security advisory for this.
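As an added illustration for this thread (not code from the attached patch or from Samba), the C sketch below contrasts an early-exit comparison in the style of memcmp() with a constant-time one, counting how many bytes each reads before it returns. The function names `naive_equal` and `ct_mem_equal` are hypothetical, and the 16-byte sample values are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed 16-byte sample values; not real hashes. */
static const unsigned char stored[16] = {
    0x3a,0x91,0x5c,0x07,0xe2,0x4d,0xb8,0x16,0x7f,0xc3,0x20,0x9e,0x55,0xaa,0x0b,0xd4 };
static const unsigned char guess_early[16] = {   /* differs at byte 0 */
    0x00,0x91,0x5c,0x07,0xe2,0x4d,0xb8,0x16,0x7f,0xc3,0x20,0x9e,0x55,0xaa,0x0b,0xd4 };
static const unsigned char guess_late[16] = {    /* differs at byte 15 */
    0x3a,0x91,0x5c,0x07,0xe2,0x4d,0xb8,0x16,0x7f,0xc3,0x20,0x9e,0x55,0xaa,0x0b,0x00 };

/* Early-exit comparison (hypothetical name): stops at the first differing
 * byte, so the work done depends on how long the matching prefix is.
 * *examined records the number of bytes read. */
static int naive_equal(const unsigned char *a, const unsigned char *b,
                       size_t n, size_t *examined)
{
    size_t i;
    *examined = 0;
    for (i = 0; i < n; i++) {
        *examined = i + 1;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison (hypothetical name): always reads all n bytes and
 * ORs the differences together, so no branch depends on where the first
 * mismatch is. Returns 1 if equal, 0 otherwise. examined may be NULL. */
static int ct_mem_equal(const void *p1, const void *p2, size_t n, size_t *examined)
{
    const volatile unsigned char *a = p1, *b = p2;
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    if (examined != NULL)
        *examined = n;
    return diff == 0;
}

int main(void)
{
    size_t seen = 0;
    naive_equal(stored, guess_early, 16, &seen);
    printf("early-exit, mismatch at byte 0:  %zu bytes read\n", seen);
    naive_equal(stored, guess_late, 16, &seen);
    printf("early-exit, mismatch at byte 15: %zu bytes read\n", seen);
    ct_mem_equal(stored, guess_early, 16, &seen);
    printf("constant-time, either mismatch:  %zu bytes read\n", seen);
    return 0;
}
```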