Описание
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| icinga2 | fixed | 2.8.4-1 | package | |
| icinga2 | no-dsa | stretch | package | |
| icinga2 | no-dsa | jessie | package |
Примечания
https://github.com/Icinga/icinga2/issues/4920
https://github.com/Icinga/icinga2/pull/5715
https://www.openwall.com/lists/oss-security/2018/03/22/3
Связанные уязвимости
CVSS3: 8.1
ubuntu
почти 8 лет назад
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
CVSS3: 8.1
nvd
почти 8 лет назад
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
CVSS3: 8.1
github
больше 3 лет назад
An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.