PT-2018-7116 · Red Hat · Red Hat Keycloak+1

Richard Kettelerij

Publicado

2018-03-12

Atualizado

2018-10-18

CVE-2017-2585

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Red Hat Keycloak versions prior to 2.5.1

Description: The issue is related to the implementation of HMAC verification for JWS tokens, which uses a method that runs in non-constant time. This potentially leaves the application vulnerable to timing attacks.

Recommendations: For versions prior to 2.5.1, update to version 2.5.1 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2017-2585

GHSA-W6GV-3R3V-GWGJ

RHSA-2017:0872

RHSA-2017:0873

Produtos afetados

Keycloak

Red Hat Keycloak

PT-2018-7116 · Red Hat · Red Hat Keycloak+1

CVE-2017-2585

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13