nvd-json-data-feeds/CVE-2015/CVE-2015-201xx/CVE-2015-20110.json

{
  "id": "CVE-2015-20110",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-10-31T03:15:07.613",
  "lastModified": "2023-10-31T12:58:31.637",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters."
    },
    {
      "lang": "es",
      "value": "JHipster generador-jhipster anterior a 2.23.0 permite un ataque de tiempo contra validarToken debido a una comparaci\u00f3n de cadenas que se detiene en el primer car\u00e1cter que es diferente. Los atacantes pueden adivinar fichas forzando bruscamente un personaje a la vez y observando el tiempo. Por supuesto, esto reduce dr\u00e1sticamente el espacio de b\u00fasqueda a una cantidad lineal de conjeturas basadas en la longitud del token multiplicada por los caracteres posibles."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/jhipster/generator-jhipster/issues/2095",
      "source": "cve@mitre.org"
    }
  ]
}
Auto-Update: 2023-10-31T05:00:26.622070+00:00 2023-10-31 05:00:30 +00:00			`{`
			`"id": "CVE-2015-20110",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2023-10-31T03:15:07.613",`
Auto-Update: 2023-10-31T13:00:19.128492+00:00 2023-10-31 13:00:23 +00:00			`"lastModified": "2023-10-31T12:58:31.637",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2023-10-31T05:00:26.622070+00:00 2023-10-31 05:00:30 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters."`
Auto-Update: 2023-10-31T13:00:19.128492+00:00 2023-10-31 13:00:23 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "JHipster generador-jhipster anterior a 2.23.0 permite un ataque de tiempo contra validarToken debido a una comparaci\u00f3n de cadenas que se detiene en el primer car\u00e1cter que es diferente. Los atacantes pueden adivinar fichas forzando bruscamente un personaje a la vez y observando el tiempo. Por supuesto, esto reduce dr\u00e1sticamente el espacio de b\u00fasqueda a una cantidad lineal de conjeturas basadas en la longitud del token multiplicada por los caracteres posibles."`
Auto-Update: 2023-10-31T05:00:26.622070+00:00 2023-10-31 05:00:30 +00:00			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://github.com/jhipster/generator-jhipster/issues/2095",`
			`"source": "cve@mitre.org"`
			`}`
			`]`
			`}`