Lucene search
Veracode Vulnerability DatabaseVERACODE:4267HistoryMay 22, 2017 - 2:30 a.m.
Timing Attack
2017-05-2202:30:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
0.004 Low
EPSS
Percentile
75.0%
jasypt is vulnerable to timing attacks. The attacks are possible because it uses Arrays.equals to verify passwords with different lengths, thereby revealing the time taken to compare the passwords.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jasypt: java simplified encryption | le | 1.9.1 |
Related
ubuntucve
ubuntucve
CVE-2014-9970
2017-05-21 00:00:00
redhatcve
redhatcve
CVE-2014-9970
2019-11-02 16:18:21
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
2022-05-14 03:44:52
cve
cve
CVE-2014-9970
2017-05-21 18:29:00
nvd
nvd
CVE-2014-9970
2017-05-21 18:29:00
veracode
veracode
Timing Attack
2019-01-15 09:19:20
debiancve
debiancve
CVE-2014-9970
2017-05-21 18:29:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
2022-05-14 03:44:52
prion
prion
Default credentials
2017-05-21 18:29:00
cvelist
cvelist
CVE-2014-9970
2017-05-21 18:00:00
redhat
redhat
(RHSA-2017:2547) Important: Red Hat JBoss BRMS 6.4.5 security update
2017-08-29 19:32:06
(RHSA-2017:3141) Important: rhvm-appliance security, bug fix, and enhancement update
2017-11-07 17:03:46
(RHSA-2018:0294) Important: Red Hat JBoss Data Grid 7.1.2 security update
2018-02-12 17:18:53
nessus
nessus
RHEL 7 : rhvm-appliance (RHSA-2017:3141)
2017-11-10 00:00:00
RHEL 6 : rh-sso7-keycloak (RHSA-2017:2904)
2017-10-19 00:00:00
RHEL 6 : Red Hat JBoss Enterprise Application Platform (RHSA-2017:2809)
2017-09-28 00:00:00