2 matches found
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the Kerberos credentialing. An attacker can intercept sensitive information by capturing unencrypted credentials during transmission. Remediation A fix was pushed into the master branch...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via discrepancies in processing invalid padding errors in legacy API mbedtlsciphercrypt and mbedtlscipherfinish functions and in the PSA Crypto API psacipherdecrypt and psacipherfinish functions when handling any other...