← back
CVE-2014-9970

CVE-2014-9970

EPSS 2.4%
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2017:2546https://access.redhat.com/errata/RHSA-2017:2547https://access.redhat.com/errata/RHSA-2017:2808https://access.redhat.com/errata/RHSA-2017:2809https://access.redhat.com/errata/RHSA-2017:2810https://access.redhat.com/errata/RHSA-2017:2811https://access.redhat.com/errata/RHSA-2017:3141https://access.redhat.com/errata/RHSA-2018:0294https://sourceforge.net/p/jasypt/code/668/http://www.securitytracker.com/id/1039744http://www.securitytracker.com/id/1040360