1. Timing Side-Channel Exposes Trusted Device Tokens in Authentication Service
A timing attack vulnerability has been identified in the trusted device verification logic of a production authentication service, creating a potential vector for adversaries to enumerate valid device tokens by measuring response latency differentials. The flaw resides in the isTrustedDevice method within src/auth/two-...