From ${URL} : bool HTTPAuthorized(map<string, string>& mapHeaders) { string strAuth = mapHeaders["authorization"]; if (strAuth.substr(0,6) != "Basic ") return false; string strUserPass64 = strAuth.substr(6); boost::trim(strUserPass64); string strUserPass = DecodeBase64(strUserPass64); return strUserPass == strRPCUserColonPass; } Last string comparision strUserPass == strRPCUserColonPass gets compiled to: do { if ( !len ) break; less = *(_BYTE *)strUserPass < *(_BYTE *)strRPCUserColonPass; eq = *(_BYTE *)strUserPass++ == *(_BYTE *)strRPCUserColonPass++; --len; } while ( eq ); which is a byte-by-byte compare. Attacker with precise clock (being in the same LAN, for example) might learn the RPC password letter by letter, by trying passwords like 'a...", "b...", "c..." and observing which took the longest time to verify. This code in bitcoinrpc.cpp: if (mapArgs["-rpcpassword"].size() < 20) MilliSleep(250); protects from bruteforce for short password. Unfortunately, when run, bitcoind suggest a 32 chars password. Paradoxically short passwords are safer to use than longer ones, wrt to the timing leak. Here's an example of time independent array comparison: http://rdist.root.org/2010/01/07/timing-independent-array-comparison/ @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
CVE-2013-4165 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4165): The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.
Not a real concern, as RPC is not exposed to any untrusted interfaces (the options exist, but it is not recommended or supported).
Closing fixed, 0.8.5 has been stabilized in the meantime.