Veracode Vulnerability DatabaseVERACODE:45399Timing Attack
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
34.6%
pulsar-broker-auth-sasl is vulnerable to a Timing Attack. The vulnerability is due to the verifyAndExtract function within SaslRoleTokenSigner.java because it take different amounts of time to return false depending on how many characters it needs to compare before finding a mismatch. This variability allows an attacker to deduce the correct signature by measuring these time differences, resulting in SASL authentication bypass.
References
www.openwall.com/lists/oss-security/2024/02/07/1
github.com/advisories/GHSA-c57v-4vg5-cm2x
github.com/apache/pulsar/commit/c05954e66ff33098aeb848f4bde51613ace7e47e
github.com/apache/pulsar/issues/21053
github.com/apache/pulsar/pull/21061
lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5
www.openwall.com/lists/oss-security/2024/02/07/1
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
34.6%