Description
Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| keycloak | itp | | | package |
EPSS
Percentile: 71%
0.00671
Low
Related vulnerabilities
CVSS3: 3.7
redhat
almost 9 years ago
Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
CVSS3: 5.9
nvd
almost 8 years ago
Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
CVSS3: 5.9
github
more than 7 years ago
keycloak-core vulnerable to timing attacks against JWS token verification