CVE-2014-9970
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
7.5CVSS
7.1AI Score
0.005EPSS