AntFleet

Disagreement · 4ff82c7b-anthropic-2

Timing-safe auth compare leaks via length check and fails when client omits header

solo Opus
repo e24ef98c·PR #11·reviewed 1 week ago

Opus finding

Timing-safe auth compare leaks via length check and fails when client omits header

lowsecuritymedium
  • apps/web/app/api/cron/review-retry/route.ts:22-31
The length-based early return leaks the expected token length via a timing side-channel; the conventional fix is to hash both sides (or pad/compare a fixed-length digest) before timingSafeEqual. The risk in practice is low because (a) the secret length is itself usually not sensitive and (b) Vercel cron is the only legitimate caller, but the code intentionally uses timingSafeEqual to be defensive, so the half-measure undermines the stated intent. Note: this is the standard idiom Vercel docs themselves use, so severity is low.

Recommendation

Hash both sides with SHA-256 first so the buffers compared are always 32 bytes: `const ah = createHash('sha256').update(provided).digest(); const bh = createHash('sha256').update(expected).digest(); if (!timingSafeEqual(ah, bh)) ...`.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →
← back to all disagreementsview public receiptssee unanimous findings + anatomies →
Tweet ↗