User enumeration In java-1.8.0-openjdk
Description
It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel7 | 1:1.8.0.91-0.b14.el7_2 | ||
rpm rhel6 | 1:1.8.0.91-0.b14.el6_7 |
Aliases
1. 2. 3.