PT-2010-1186 · Michaelliao · Openid

Michaelliao · Published 2010-07-15 · Updated 2024-05-17 · CVE-2010-10006

CVSS v3.1

7.5 High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

michaelliao jopenid versions prior to 1.08

Description

The issue is a timing discrepancy in the getAuthentication function in the file OpenIdManager.java. A remote attacker can exploit this discrepancy to gain unauthorized access to protected information. The attack complexity is rather high, and exploitation is difficult.

Recommendations

To address this issue, upgrade to version 1.08 or later. As a temporary workaround, consider restricting access to the getAuthentication function until a patch is applied.

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2023-00595
CVE-2010-10006
GHSA-M4F8-P58G-J8MJ

Affected Products

Openid