# Timing Attack via Direct Cryptographic Comparison

- ID: javascript-timing-attack
- Severity: MEDIUM
- CWE: CWE-208 (CWE-208)
- Languages: JavaScript, TypeScript
- Frameworks: nodejs, express, fastify, koa, hapi, nestjs

## Description

Detects direct string comparison of cryptographic values (HMAC, signatures, hashes)
where timing attacks are practically exploitable.

This rule focuses on HIGH-RISK patterns where timing attacks have been demonstrated
in real-world attacks:
- HMAC/signature verification (webhook signatures, JWT manual verification)
- Hash comparison (when verifying pre-computed hashes)

NOT flagged (low practical risk over network):
- Password comparison: Network jitter (ms) overwhelms timing differences (ns).
  The real fix is using bcrypt/argon2 which handles this automatically.
- General token comparison: Usually better addressed by secure token generation
  and proper session management.

Timing attacks on cryptographic comparisons are practical because:
1. Attacker controls the input format exactly
2. Signatures have known structure (hex/base64)
3. Can be automated with statistical analysis
4. Have been used in real attacks (GitHub, Slack webhook bypasses)

## Detection Message

Direct string comparison of cryptographic value (signature/HMAC/hash) is vulnerable to timing attacks

## Remediation

Use crypto.timingSafeEqual() for comparing signatures, HMACs, and hashes.

## Documentation

[object Object]