Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:12348
HistoryJan 15, 2019 - 9:16 a.m.

Timing Attack

2019-01-1509:16:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12

EPSS

0.001

Percentile

47.8%

tomcat-catalina is vulnerable to timing attacks. When the supplied username does not exist, the Realm implementation will not process the supplied password, making a timing attack possible to determine valid usernames. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.

References