Monday, September 27, 2021

Timing Attack - org.apache.kafka:connect-runtime[,2.8.1)


Affected versions of this package are vulnerable to Timing Attack. Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to brute force attacks by malicious users.


Upgrade org.apache.kafka:connect-runtime to version 2.8.1 or higher.



Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore