
10 matches found

OSV
added 2025/09/22 7:22 p.m. · 4 views

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVSS 8.7 · AI score 6.7 · EPSS 0.00835
Exploits 0 · References 5
Snyk
added 2025/09/16 10:20 p.m. · 0 views

Timing Attack

Overview: Affected versions of this package are vulnerable to a Timing Attack via the verifyClientProof function, which uses the Arrays.equals function. An attacker can infer sensitive authentication material by exploiting timing differences during the comparison of secret values. Remediation: Upgrade...

CVSS 8.7 · AI score 6.8 · EPSS 0.00835
Exploits 0 · References 2
Positive Technologies
added 2025/09/16 12:00 a.m. · 5 views

PT-2025-38753

Name of the Vulnerable Software and Affected Versions: versions prior to 3.2. Description: A timing attack issue exists in the SCRAM Java implementation due to the use of Arrays.equals for comparing sensitive values like client proofs and server signatures. Arrays.equals performs a short-circuit...

CVSS 8.7 · AI score 6.8 · EPSS 0.00835
Exploits 0 · References 33
BDU FSTEC
added 2025/05/06 12:00 a.m. · 5 views

The vulnerability of the Arrays.equals() method in the Apache Hive database, which allows an attacker to cause a service failure.

The vulnerability of the Arrays.equals method in the Apache Hive database is related to manipulating unknown inputs, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow an attacker to cause service failures...

CVSS 6.8 · AI score 5.4 · EPSS 0.01131
Exploits 1 · References 8 · Affected Software 1
CNNVD
added 2025/01/28 12:00 a.m. · 4 views

Apache Hive security vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A trust...

CVSS 6.5 · AI score 6.8 · EPSS 0.01131
Exploits 1 · References 7
RedHat Linux
added 2023/09/05 6:37 p.m. · 2 views

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

CVSS 7.4 · AI score 5.8 · EPSS 0.00584
Exploits 0 · References 4
VulnCheck KEV
added 2023/04/11 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

CVSS 5.9 · AI score 6.8 · EPSS 0.05773
Exploits 0 · References 1
RedHat Linux
added 2023/01/31 1:15 p.m. · 4 views

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

CVSS 7.4 · AI score 5.8 · EPSS 0.00584
Exploits 0 · References 4
Positive Technologies
added 2023/01/11 12:00 a.m. · 3 views

PT-2023-13035 · Unknown · Wildfly Elytron

Name of the Vulnerable Software and Affected Versions: Wildfly-elytron (affected versions not specified). Description: A flaw was found in Wildfly-elytron, where it uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. This allows an attacker to access...

CVSS 7.4 · AI score 6 · EPSS 0.00584
Exploits 0 · References 8
OSV
added 2021/09/22 9:15 a.m. · 1 view

UBUNTU-CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

CVSS 5.9 · AI score 7 · EPSS 0.05773
Exploits 0 · References 2