This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote database server has an information leak vulnerability.
According to its banner, the version of CouchDB running on the remote
host has an information leak vulnerability. The application does not
use a constant-time comparison algorithm when attempting to verify
hashes and passwords. The server will respond to mismatches more
quickly than it responds to matches.
A remote attacker could exploit this by performing side-channel brute
force attacks, which could lead to administrative access.
See also :
Upgrade to CouchDB 0.11.0 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false