Description

Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.

Remediation

References

CVE-2025-57784

Related Vulnerabilities

WordPress Plugin WPtouch Arbitrary File Upload (3.4.6)

Jboss EAP Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-5731)

Joomla Other Vulnerability (CVE-2006-2960)

Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4335)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)

Severity

Low

Classification

CVE-2025-57784 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities