Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2015-20110 JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters. | CVSS3: 7.5 | 0% Low | more than 2 years ago |
| GHSA-4gpm-r23h-gprw generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character | CVSS3: 7.5 | 0% Low | more than 2 years ago |