Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:4247
HistoryMay 18, 2017 - 3:03 a.m.

Timing Attack

2017-05-1803:03:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9

0.003 Low

EPSS

Percentile

69.6%

Jetty Utils is vulnerable to timing attacks. The library is vulnerable because it does not compare passwords, message digests and credentials in constant-time. This allows malicious users to use the timing of the request to progressively identify a valid passwords, message digests and credentials.

References