Description

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.

Remediation

References

CVE-2022-3143

Related Vulnerabilities

Python Other Vulnerability (CVE-2010-3492)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4329)

WordPress Plugin Easy Testimonials Cross-Site Request Forgery (3.6.1)

WordPress Plugin Smart Forms-when you need more than just a contact form Security Bypass (2.6.70)

Internet Information Services Other Vulnerability (CVE-2001-0004)

Severity

High

Classification

CVE-2022-3143 CWE-203 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities