3 matches found
Covert Timing Channel in Apache CXF
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 does not use a constant-time MAC signature comparison algorithm, which may be exploited by sophisticated timing attacks...
Apache CXF Timing Attack Information Disclosure Vulnerability
Apache CXF is an open source Web services framework from the Apache Software Foundation (United States). A timing attack vulnerability exists in the Apache CXF OAuth2 Hawk and JOSE MAC authentication code, which allows remote attackers to submit a special request to obtain sensitive information...
Timing Attacks
Apache CXF is susceptible to timing attacks. The vulnerability is possible because the MAC signature comparison used by its OAuth2 Hawk and JOSE MAC Validation code is not performed in constant time. Therefore, an attacker can trigger a timing attack through the OAuth2 Hawk or JWT access...