Lucene search

K
osvGoogleOSV:GHSA-WFCC-PFF6-RGC5
HistoryOct 19, 2018 - 4:15 p.m.

Jetty vulnerable to exposure of sensitive information due to observable discrepancy

2018-10-1916:15:46
Google
osv.dev
69

EPSS

0.003

Percentile

69.6%

Jetty through 9.4.x contains a timing channel attack in util/security/Password.java, which allows attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

References