CouchDB < 0.11.0 Timing Attack Vulnerability
Severity: Medium
Nessus Network Monitor Plugin ID: 5503
Synopsis
The remote host is affected by an information disclosure vulnerability.
Description
The remote host is running CouchDB, a document-oriented database. The installed version of CouchDB is earlier than 0.11.0. Such versions are potentially affected by an information disclosure vulnerability via a timing attack caused by a break-on-equality string comparison when verifying hashes or passwords.
Solution
Upgrade to CouchDB 0.11.0 or later.
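
The break-on-equality comparison named in the description, shown beside a constant-time form. This is an added example, not CouchDB's code and not part of the plugin. The function names and the sample hash are constructed for illustration, and the count of bytes examined stands in for elapsed time.

```python
import hashlib
import hmac

# Constructed sample: a 40-character hex digest standing in for a stored hash.
STORED = hashlib.sha1(b"constructed-salt" + b"constructed-password").hexdigest().encode()

def early_exit_equal(a: bytes, b: bytes):
    """Break-on-equality comparison. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:  # stops at the first mismatch, so work depends on the secret
            return False, examined
    return True, examined

def constant_time_equal(a: bytes, b: bytes):
    """Accumulates differences and never exits early. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined

def mismatch_at(value: bytes, k: int) -> bytes:
    """Copy of value whose only differing byte is at index k."""
    flipped = b"1" if value[k:k + 1] == b"0" else b"0"
    return value[:k] + flipped + value[k + 1:]

def work_profile(compare, positions=(0, 8, 39)):
    """Bytes examined by `compare` for a first mismatch at each position."""
    return [compare(STORED, mismatch_at(STORED, k))[1] for k in positions]

if __name__ == "__main__":
    print("early exit   :", work_profile(early_exit_equal))
    print("constant time:", work_profile(constant_time_equal))
    # Standard-library constant-time comparison for production Python code.
    print("compare_digest:", hmac.compare_digest(STORED, STORED))
```

The early-exit profile grows with the length of the matching prefix, which is the information a timing measurement exposes. The constant-time profile is flat.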