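jasypt is vulnerable to timing attacks. The attacks are possible because it uses Arrays.equals
to verify passwords. Arrays.equals is not a constant-time comparison: it returns as soon as the
lengths differ or the first mismatching byte is found, so the time taken to compare the passwords
reveals information about them.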
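
The comparison behaviour described above, as an added example that is not jasypt's code or part of the advisory. It counts the bytes each comparison examines as a deterministic stand-in for elapsed time; the class name, method names and sample password are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class DigestCompareDemo {

    // Same control flow as Arrays.equals(byte[], byte[]): return on a length
    // mismatch, then stop at the first differing byte. steps[0] records how
    // many bytes were examined.
    static boolean earlyExitEquals(byte[] a, byte[] b, int[] steps) {
        steps[0] = 0;
        if (a.length != b.length) return false;
        for (int i = 0; i < a.length; i++) {
            steps[0]++;
            if (a[i] != b[i]) return false;
        }
        return true;
    }

    // Fixed-work comparison: every byte is examined and the differences are
    // OR-ed together, so the work does not depend on where a mismatch occurs.
    // The length check is kept because a digest's length is not secret.
    static boolean fixedWorkEquals(byte[] a, byte[] b, int[] steps) {
        steps[0] = 0;
        if (a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            steps[0]++;
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value, not taken from jasypt or the advisory.
        byte[] stored = MessageDigest.getInstance("SHA-256")
                .digest("constructed-sample-password".getBytes(StandardCharsets.UTF_8));
        int[] steps = new int[1];
        for (int pos : new int[] {0, 15, 31, -1}) {   // -1 means identical digests
            byte[] candidate = stored.clone();
            if (pos >= 0) candidate[pos] ^= 0x01;     // flip one bit at this index
            boolean early = earlyExitEquals(stored, candidate, steps);
            int earlySteps = steps[0];
            boolean fixed = fixedWorkEquals(stored, candidate, steps);
            System.out.printf("mismatch index %2d: early-exit examined %2d bytes (%b), "
                    + "fixed-work examined %2d bytes (%b), Arrays.equals=%b, MessageDigest.isEqual=%b%n",
                    pos, earlySteps, early, steps[0], fixed,
                    Arrays.equals(stored, candidate), MessageDigest.isEqual(stored, candidate));
        }
    }
}
```

All four comparisons return the same boolean results; only the early-exit variant's work changes with the mismatch position. In production code, the JDK's MessageDigest.isEqual provides a comparison whose time depends only on the digest length.
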
access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/
access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/
access.redhat.com/errata/RHSA-2017:2808
access.redhat.com/security/updates/classification/#important
issues.jboss.org/browse/JBEAP-11485