CVE-2017-2585
published 2018-03-12CVE-2017-2585: Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially…
medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat_inc | keycloak | — | — |
| redhat | keycloak | < 2.5.1 | 2.5.1 |
| redhat | single_sign_on | — | — |
| redhat | single_sign_on | — | — |