CVE-2015-20110 - Vulnerability Details - OpenCVE

ReportizFlow

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jhipster	Jhipster

Configuration 1 [-]

cpe:2.3:a:jhipster:jhipster:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc
https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25
https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0
https://github.com/jhipster/generator-jhipster/issues/2095

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-31T00:00:00

Updated: 2024-09-06T18:28:17.077Z

Reserved: 2023-10-31T00:00:00

Link: CVE-2015-20110

Vulnrichment

Updated: 2024-08-06T08:58:26.495Z

NVD

Status : Modified

Published: 2023-10-31T03:15:07.613

Modified: 2024-11-21T02:26:34.023

Link: CVE-2015-20110

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2015-20110", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-06T18:28:17.077Z", "dateReserved": "2023-10-31T00:00:00", "datePublished": "2023-10-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-31T02:39:58.326511"}, "descriptions": [{"lang": "en", "value": "JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/jhipster/generator-jhipster/issues/2095"}, {"url": "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25"}, {"url": "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc"}, {"url": "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:58:26.495Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/jhipster/generator-jhipster/issues/2095", "tags": ["x_transferred"]}, {"url": "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25", "tags": ["x_transferred"]}, {"url": "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc", "tags": ["x_transferred"]}, {"url": "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T18:27:35.294372Z", "id": "CVE-2015-20110", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T18:28:17.077Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/jhipster/generator-jhipster/issues/2095", "tags": ["x_transferred"]}, {"url": "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25", "tags": ["x_transferred"]}, {"url": "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc", "tags": ["x_transferred"]}, {"url": "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:58:26.495Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2015-20110", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T18:27:35.294372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T18:28:11.055Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/jhipster/generator-jhipster/issues/2095"}, {"url": "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25"}, {"url": "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc"}, {"url": "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0"}], "descriptions": [{"lang": "en", "value": "JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-31T02:39:58.326511"}}}, "cveMetadata": {"cveId": "CVE-2015-20110", "state": "PUBLISHED", "dateUpdated": "2024-09-06T18:28:17.077Z", "dateReserved": "2023-10-31T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-10-31T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jhipster:jhipster:*:*:*:*:*:*:*:*", "matchCriteriaId": "975D9B1E-D46A-4E51-9190-4A5C1F050EB6", "versionEndExcluding": "2.23.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters."}, {"lang": "es", "value": "JHipster generador-jhipster anterior a 2.23.0 permite un ataque de tiempo contra validarToken debido a una comparaci\u00f3n de cadenas que se detiene en el primer car\u00e1cter que es diferente. Los atacantes pueden adivinar fichas forzando bruscamente un personaje a la vez y observando el tiempo. Por supuesto, esto reduce dr\u00e1sticamente el espacio de b\u00fasqueda a una cantidad lineal de conjeturas basadas en la longitud del token multiplicada por los caracteres posibles."}], "id": "CVE-2015-20110", "lastModified": "2024-11-21T02:26:34.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-10-31T03:15:07.613", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25"}, {"source": "[email protected]", "tags": ["Patch", "Release Notes"], "url": "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/jhipster/generator-jhipster/issues/2095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/jhipster/generator-jhipster/commit/7c49ab3d45dc4921b831a2ca55fb1e2a2db1ee25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://github.com/jhipster/generator-jhipster/compare/v2.22.0...v2.23.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/jhipster/generator-jhipster/issues/2095"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "[email protected]", "type": "Primary"}]}