CVE-2014-9970

CVE-2014-9970

EPSS 2.4%

jasypt before 1.9.2 allows a timing attack against the password hash comparison.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2017:2546 https://access.redhat.com/errata/RHSA-2017:2547 https://access.redhat.com/errata/RHSA-2017:2808 https://access.redhat.com/errata/RHSA-2017:2809 https://access.redhat.com/errata/RHSA-2017:2810 https://access.redhat.com/errata/RHSA-2017:2811 https://access.redhat.com/errata/RHSA-2017:3141 https://access.redhat.com/errata/RHSA-2018:0294 https://sourceforge.net/p/jasypt/code/668/http://www.securitytracker.com/id/1039744 http://www.securitytracker.com/id/1040360