Description

jasypt before 1.9.2 allows a timing attack against the password hash comparison.

Remediation

References

Related Vulnerabilities