From acbb4042df204342a02c2fb1706a513c07cfcffd Mon Sep 17 00:00:00 2001 From: Ahmed Farid Date: Wed, 29 Jun 2022 00:51:12 +0100 Subject: [PATCH] Update TimingAttack.qhelp --- python/ql/src/experimental/Security/CWE-208/TimingAttack.qhelp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/python/ql/src/experimental/Security/CWE-208/TimingAttack.qhelp b/python/ql/src/experimental/Security/CWE-208/TimingAttack.qhelp index e048ec6b3b9..cc0c391ca18 100644 --- a/python/ql/src/experimental/Security/CWE-208/TimingAttack.qhelp +++ b/python/ql/src/experimental/Security/CWE-208/TimingAttack.qhelp @@ -7,8 +7,7 @@ how long it takes the system to respond to different inputs. it can be circumvented by using a constant-time algorithm for checking the value of sensitive info, more precisely, the comparison time should not depend on the content of the input. Otherwise the attacker gains -information that is indirectly leaked by the application. This information is then used for malicious purposes, -such as guessing the password of a user. +information that is indirectly leaked by the application. This information is then used for malicious purposes.