Описание
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| jasypt | fixed | 1.9.2-1 | package | |
| jasypt | no-dsa | jessie | package | |
| jasypt | no-dsa | wheezy | package |
Примечания
https://sourceforge.net/p/jasypt/code/668/
EPSS
Процентиль: 76%
0.00944
Низкий
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 8 лет назад
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVSS3: 5.1
redhat
почти 9 лет назад
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVSS3: 7.5
nvd
больше 8 лет назад
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVSS3: 7.5
github
больше 3 лет назад
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
EPSS
Процентиль: 76%
0.00944
Низкий