A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
| Link | Tags |
|---|---|
| https://vuldb.com/?id.216987 | vdb entry technical description permissions required |
| https://vuldb.com/?ctiid.216987 | permissions required signature |
| https://github.com/openshift/osin/pull/200 | issue tracking |
| https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29 | patch |