PT-2022-11745 · Red Hat · Openshift Osin

Govulnbot · Published 2022-12-28 · Updated 2024-05-17 · CVE-2021-4294

CVSS v3.1

5.9 Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

OpenShift OSIN (affected versions not specified)
Description

OpenShift OSIN (the openshift/osin OAuth2 server library for Go) checks a client secret in ClientSecretMatches and CheckClientSecret by comparing the secret supplied in the request with the stored secret using an ordinary string comparison. Such a comparison returns as soon as the first differing byte is found, so the time the check takes depends on how long a prefix of the supplied secret is correct. An attacker who can measure response times of the endpoint that performs client authentication can therefore confirm the secret one byte at a time and eventually recover a client's secret without ever having known it. This is the observable timing discrepancy (a side channel) that the CVSS vector reflects: reachable over the network with no privileges or user interaction, high attack complexity because many precise timing measurements are needed, and an impact on confidentiality only.
Recommendations

Update to a version of osin that contains the fix, which replaces the plain string comparison of the stored and supplied secret with a constant-time comparison (Go's crypto/subtle.ConstantTimeCompare). Applications that implement their own osin.Client type with a ClientSecretMatches method must make the same change in that method, because CheckClientSecret defers to a client's own ClientSecretMatches when one is provided. Where the patch cannot be applied immediately, reduce the attacker's ability to collect precise timing measurements: restrict which networks can reach the endpoint that calls CheckClientSecret, and rate-limit failed client authentication attempts. These limits raise the cost of the attack (already rated Attack Complexity: High) but do not remove the timing leak; only the constant-time comparison does.
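The following Go program is an added example written for this advisory; it is not osin's code. It models the two comparison patterns described above (early-exit string equality versus crypto/subtle.ConstantTimeCompare) and shows why the first one is exploitable. Instead of measuring wall-clock time, which is noisy, a constructed oracle counts how many byte comparisons a guess causes before the result is known; an attacker observes the same quantity as response latency. The secret "s3cr3t", the alphabet and the function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"strings"
)

// Pre-fix pattern: plain string equality. It stops at the first differing
// byte (or immediately on a length mismatch), so its running time depends
// on how much of the supplied secret is correct.
func vulnerableSecretMatches(stored, supplied string) bool {
	return stored == supplied
}

// Fixed pattern: crypto/subtle compares every byte regardless of where the
// first mismatch is, so equal-length guesses all take the same time.
func hardenedSecretMatches(stored, supplied string) bool {
	return subtle.ConstantTimeCompare([]byte(stored), []byte(supplied)) == 1
}

// timingOracle stands in for what the attacker measures over the network:
// how much work the comparison does before returning, plus the boolean the
// server actually reveals (accepted or rejected).
type timingOracle func(guess string) (steps int, ok bool)

// earlyExitOracle models the `==` comparison: steps grows with the length of
// the correct prefix of the guess. (Constructed model, not osin's code.)
func earlyExitOracle(stored string) timingOracle {
	return func(guess string) (int, bool) {
		if len(stored) != len(guess) {
			return 0, false
		}
		for i := 0; i < len(stored); i++ {
			if stored[i] != guess[i] {
				return i + 1, false
			}
		}
		return len(stored), true
	}
}

// constantTimeOracle models the fixed code: the same work for every
// equal-length guess, so steps carries no information about the prefix.
func constantTimeOracle(stored string) timingOracle {
	return func(guess string) (int, bool) {
		if len(stored) != len(guess) {
			return 0, false
		}
		return len(stored), hardenedSecretMatches(stored, guess)
	}
}

// recoverSecret is the attacker's side. It first finds the secret length
// (the only guess length for which any byte comparison happens), then fixes
// one byte at a time by keeping the candidate that makes the comparison run
// longest. The final byte is confirmed by the server accepting the guess.
// Returns the best guess and whether the oracle accepted it.
func recoverSecret(oracle timingOracle, maxLen int, alphabet string) (string, bool) {
	length := -1
	for n := 1; n <= maxLen; n++ {
		if steps, _ := oracle(strings.Repeat(alphabet[:1], n)); steps > 0 {
			length = n
			break
		}
	}
	if length < 0 {
		return "", false
	}
	guess := []byte(strings.Repeat(alphabet[:1], length))
	for pos := 0; pos < length; pos++ {
		best, bestSteps := guess[pos], -1
		for i := 0; i < len(alphabet); i++ {
			guess[pos] = alphabet[i]
			steps, ok := oracle(string(guess))
			if ok {
				return string(guess), true
			}
			if steps > bestSteps {
				best, bestSteps = alphabet[i], steps
			}
		}
		guess[pos] = best
	}
	return string(guess), false
}

func main() {
	// Constructed client secret; in osin this would be the stored client secret.
	const secret = "s3cr3t"
	const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"

	// Both comparisons give the same answer; only their timing differs.
	fmt.Println("comparisons agree:",
		vulnerableSecretMatches(secret, "s3cr3t") == hardenedSecretMatches(secret, "s3cr3t"))

	got, ok := recoverSecret(earlyExitOracle(secret), 32, alphabet)
	fmt.Printf("early-exit compare:    recovered %q, accepted=%v\n", got, ok)
	got, ok = recoverSecret(constantTimeOracle(secret), 32, alphabet)
	fmt.Printf("constant-time compare: recovered %q, accepted=%v\n", got, ok)
}
```

Against the early-exit oracle the recovery needs at most len(secret) × len(alphabet) queries and succeeds; against the constant-time oracle every candidate scores the same, so the attacker learns nothing beyond the rejection and is left with the all-'a' starting guess. One caveat carried over from crypto/subtle itself: ConstantTimeCompare returns 0 at once when the lengths differ, so the secret's length still leaks. For osin's fixed-format client secrets that is acceptable; where length must also be hidden, hash both values (for example with SHA-256) and compare the digests in constant time.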

Fix

Weakness Enumeration

Side Channel Attack

Related Identifiers

CVE-2021-4294
GHSA-M7QP-CJ9P-GJ85
GO-2022-1201

Affected Products

Openshift Osin