# File lib/brakeman/checks/check_basic_auth_timing_attack.rb, line 23 def check_basic_auth_call tracker.find_call(target: nil, method: :http_basic_authenticate_with).each do |result| warn :result => result, :warning_type => "Timing Attack", :warning_code => :CVE_2015_7576, :message => msg("Basic authentication in ", msg_version(rails_version), " is vulnerable to timing attacks. Upgrade to ", msg_version(@upgrade)), :confidence => :high, :link => "https://groups.google.com/d/msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ" end end