Description

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.

Remediation

References

CVE-2022-3143

Related Vulnerabilities

WordPress Plugin Check & Log Email Cross-Site Scripting (0.5.1)

WordPress Plugin Page Builder:PageLayer-Drag and Drop website builder Cross-Site Scripting (1.3.4)

Ruby Improper Input Validation Vulnerability (CVE-2009-5147)

WordPress Plugin Related Posts by Zemanta Cross-Site Request Forgery (1.3.1)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2365)

Severity

High

Classification

CVE-2022-3143 CWE-203 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities