Description
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-9970
- https://access.redhat.com/errata/RHSA-2017:2546
- https://access.redhat.com/errata/RHSA-2017:2547
- https://access.redhat.com/errata/RHSA-2017:2808
- https://access.redhat.com/errata/RHSA-2017:2809
- https://access.redhat.com/errata/RHSA-2017:2810
- https://access.redhat.com/errata/RHSA-2017:2811
- https://access.redhat.com/errata/RHSA-2017:3141
- https://access.redhat.com/errata/RHSA-2018:0294
- https://sourceforge.net/p/jasypt/code/668
Packages
Name: org.jasypt:jasypt (maven)
Affected versions: < 1.9.2
Fixed version: 1.9.2
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 8 years ago
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVSS3: 5.1
redhat
almost 9 years ago
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVSS3: 7.5
nvd
more than 8 years ago
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVSS3: 7.5
debian
more than 8 years ago
jasypt before 1.9.2 allows a timing attack against the password hash c ...