6 matches found
Timing Attack
com.ongres.scram:scram-common is vulnerable to Timing Attack. The vulnerability is due to the use of Arrays.equals for comparing sensitive authentication values, which performs short-circuit evaluations and causes variable execution times, allowing an attacker to exploit timing differences to inf...
SimpleSAMLphp allows timing side-channel attacks
The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...
CVE-2019-10213
OpenShift Container Platform (versions 4.1–4.2) is affected by CVE-2019-10213: secret data written to pod logs is not sanitized when an operator runs at Debug level or higher, enabling a low-privilege user to read sensitive material from logs. Root cause: unsanitized secrets in logs. Impact: info...
Information Disclosure
github.com/openshift/library-go is vulnerable to information disclosure. Unsanitized secret data is written to the static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already...
CVE-2017-12872
The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...
CVE-2017-12872
The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...