CVE-2015-20110

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters.

Source: CVE-2015-20110

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다