EPSS Percentile: 51.6%
WildFly Elytron is vulnerable to timing attacks. The vulnerability exists because DigestPasswordImpl.java does not compare hash values in constant time, so an attacker can use the timing of requests to progressively identify a valid hash.
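The difference between an early-exit comparison and a constant-time one, as an added example that is not WildFly Elytron code: the class, method names and sample secret are hypothetical, and the count of bytes examined stands in for the time an observer would measure.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added illustration; hypothetical names, not code from WildFly Elytron.
public class DigestCompareExample {

    // Bytes the early-exit loop touched on its last call (a stand-in for elapsed time).
    static int examined;

    // Early-exit comparison: returns at the first differing byte, so the work
    // done grows with the length of the correct prefix in the supplied value.
    static boolean leakyEquals(byte[] expected, byte[] supplied) {
        examined = 0;
        if (expected.length != supplied.length) return false;
        for (int i = 0; i < expected.length; i++) {
            examined++;
            if (expected[i] != supplied[i]) return false;
        }
        return true;
    }

    // Constant-time comparison: MessageDigest.isEqual does not stop at the
    // first mismatch, so its running time does not reveal where the arrays differ.
    static boolean constantTimeEquals(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value, not taken from any real system.
        byte[] stored = MessageDigest.getInstance("SHA-256")
                .digest("constructed-sample-secret".getBytes(StandardCharsets.UTF_8));

        // Each candidate matches the stored digest up to the given index, then differs.
        for (int correctPrefix : new int[] {0, 8, 31, 32}) {
            byte[] candidate = stored.clone();
            if (correctPrefix < candidate.length) candidate[correctPrefix] ^= 0x01;

            boolean leaky = leakyEquals(stored, candidate);
            boolean safe = constantTimeEquals(stored, candidate);
            System.out.printf("correct prefix=%2d  leaky=%b (examined %2d bytes)  constant-time=%b%n",
                    correctPrefix, leaky, examined, safe);
        }
    }
}
```

Both methods return the same boolean for every candidate; only the early-exit loop does an amount of work that tracks how much of the candidate is correct.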
access.redhat.com/security/cve/CVE-2022-3143
github.com/advisories/GHSA-jmj6-p2j9-68cp
github.com/wildfly-security/wildfly-elytron/commit/4cd12c240e7b8101e44655ffd5fd306fe930d5bf
github.com/wildfly-security/wildfly-elytron/pull/1809