Monday, September 27, 2021

Timing Attack - org.apache.kafka:connect-runtime [,2.8.1)

Overview

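Affected versions of this package are vulnerable to a timing attack. Some components in Apache Kafka use Arrays.equals to validate a password or key. That comparison is not constant-time, so how long it takes depends on how much of the supplied value matches the real one, and malicious users can use that timing difference to brute-force the secret.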
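The comparison problem described above, as an added example (not code from Apache Kafka or from this advisory): a model of an early-exit byte comparison shows that the work done depends on how many leading bytes match, next to the JDK's MessageDigest.isEqual, which examines every byte. The class name, helper names and sample secret are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class SecretCompare {

    // Model of an early-exit comparison: returns how many bytes were examined
    // before a verdict was reached. The count grows with the matching prefix,
    // which is the data-dependent behaviour a timing attack observes.
    static int bytesExaminedEarlyExit(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) return 0;
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != supplied[i]) return i + 1;
        }
        return expected.length;
    }

    // Pattern named in the advisory: general-purpose array equality on a secret.
    static boolean checkWithArraysEquals(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // Hardened form: MessageDigest.isEqual examines all bytes, so its running
    // time does not reveal the position of the first mismatch.
    static boolean checkConstantTime(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) {
        // Constructed sample secret and guesses (all the same length).
        byte[] secret = "constructed-secret-01".getBytes(StandardCharsets.UTF_8);
        String[] guesses = {
            "Xonstructed-secret-01",   // wrong at the first byte
            "constructeX-secret-01",   // wrong in the middle
            "constructed-secret-0X",   // wrong at the last byte
            "constructed-secret-01"    // correct
        };
        for (String g : guesses) {
            byte[] supplied = g.getBytes(StandardCharsets.UTF_8);
            System.out.printf("%s examined=%d arraysEquals=%b constantTime=%b%n",
                g,
                bytesExaminedEarlyExit(secret, supplied),
                checkWithArraysEquals(secret, supplied),
                checkConstantTime(secret, supplied));
        }
    }
}
```

Both checks return the same verdict for every guess; only the amount of work done by the early-exit model varies with the guess, which is why secret comparisons should use the constant-time form.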

Remediation

Upgrade org.apache.kafka:connect-runtime to version 2.8.1 or higher.
