Description
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Remediation
References
Related Vulnerabilities
WordPress Plugin MQ ReLinks Multiple Vulnerabilities (1.8)
Rukovoditel Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11821)
WordPress Plugin Manage Calameo Publications by Athlon Cross-Site Scripting (1.1.0)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0363)