wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2022-3143 | Vendor Advisory |
Configurations
History
25 Jan 2023, 20:38
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-203 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
First Time |
Redhat jboss Enterprise Application Platform
Redhat wildfly Elytron Redhat |
|
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-3143 - Vendor Advisory | |
CPE | cpe:2.3:a:redhat:wildfly_elytron:1.15.15:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:* |
13 Jan 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-13 06:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-3143
Mitre link : CVE-2022-3143
CVE.ORG link : CVE-2022-3143
JSON object : View
Products Affected
redhat
- wildfly_elytron
- jboss_enterprise_application_platform
CWE
CWE-203
Observable Discrepancy