Timing Attack Vulnerability in Wildfly Elytron: Confidentiality Risk

Timing Attack Vulnerability in Wildfly Elytron: Confidentiality Risk

CVE-2021-3642 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

Learn more about our Cis Benchmark Audit For Server Software.