CVE-2023-51437: Apache Pulsar: Timing attack in SASL token signature verification

Open Source Security

Posted by Michael Marshall on Feb 07

Affected versions:

- Apache Pulsar through 2.10.5
- Apache Pulsar 2.11.0 through 2.11.2
- Apache Pulsar 3.0.0 through 3.0.1
- Apache Pulsar 3.1.0

Description:

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to
forge a SASL Role Token that will pass signature verification.
Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also…
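
The class of flaw described above, shown as an added Java example that is not Apache Pulsar's code: a signature check that uses an early-exit string comparison, next to one that uses a constant-time comparison. The class name, the `&s=` token layout, the key and the sample payload are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added illustration, not Apache Pulsar source; token layout and names are assumptions.
public class RoleTokenVerifyExample {
    private static final String SEP = "&s="; // hypothetical payload/signature separator
    private final SecretKeySpec key;
    RoleTokenVerifyExample(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

    private byte[] mac(String payload) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    String sign(String payload) throws Exception {
        return payload + SEP + Base64.getEncoder().encodeToString(mac(payload));
    }

    // Weak: String.equals returns at the first differing character, so response
    // time depends on how much of the presented signature is correct.
    boolean verifyWeak(String token) throws Exception {
        int i = token.lastIndexOf(SEP);
        if (i < 0) return false;
        String expected = Base64.getEncoder().encodeToString(mac(token.substring(0, i)));
        return expected.equals(token.substring(i + SEP.length()));
    }

    // Hardened: compare raw MAC bytes with MessageDigest.isEqual, whose running
    // time does not depend on the position of the first mismatch.
    boolean verify(String token) throws Exception {
        int i = token.lastIndexOf(SEP);
        if (i < 0) return false;
        byte[] presented;
        try {
            presented = Base64.getDecoder().decode(token.substring(i + SEP.length()));
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64 is rejected rather than thrown
        }
        return MessageDigest.isEqual(mac(token.substring(0, i)), presented);
    }

    public static void main(String[] args) throws Exception {
        RoleTokenVerifyExample v = new RoleTokenVerifyExample("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String token = v.sign("role=example&expires=0"); // constructed sample payload
        System.out.println(v.verify(token) + " " + v.verify(token.replace("role=example", "role=other")));
    }
}
```

When reviewing other verification code for the same pattern, look for `equals`, `Arrays.equals` or hand-written loops applied to MACs, signatures or tokens.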