CVE-2016-2041 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-2041 Interim 1 9 2023-12-08T01:58:13Z current 2021-05-30T13:38:58Z 2023-12-08T01:58:13Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-2041 libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed phpMyAdmin-4.6.5.2-1.1 phpMyAdmin-4.6.5.2-1.1 as a component of openSUSE Tumbleweed libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. CVE-2016-2041 openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N