Description
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss A-MQ 6 | jasypt | Not affected | | |
| Red Hat JBoss BRMS 5 | jasypt | Will not fix | | |
| Red Hat JBoss Fuse 6 | jasypt | Not affected | | |
| Red Hat JBoss Fuse Service Works 6 | jasypt | Will not fix | | |
| Red Hat OpenShift Enterprise 2 | jasypt | Under investigation | | |
| Red Hat Data Grid 7.1.2 | jasypt | Fixed | RHSA-2018:0294 | 12.02.2018 |
| Red Hat JBoss BPMS 6.4 | jasypt | Fixed | RHSA-2017:2546 | 29.08.2017 |
| Red Hat JBoss BRMS 6.4 | jasypt | Fixed | RHSA-2017:2547 | 29.08.2017 |
| Red Hat JBoss EAP 7 | | Fixed | RHSA-2017:2810 | 26.09.2017 |
| Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | eap7-artemis-native | Fixed | RHSA-2017:2809 | 26.09.2017 |
Additional information
Status:
Moderate
Defect:
CWE-385
https://bugzilla.redhat.com/show_bug.cgi?id=1455566 jasypt: Vulnerable to timing attack against the password hash comparison
EPSS
Percentile: 76%
0.00944
Low
5.1 Medium
CVSS3
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 8 years ago
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVSS3: 7.5
nvd
more than 8 years ago
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
CVSS3: 7.5
debian
more than 8 years ago
jasypt before 1.9.2 allows a timing attack against the password hash c ...
CVSS3: 7.5
github
more than 3 years ago
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt