[jira] [Created] (PDFBOX-5798) Observable Timing Discrepancy (Timing Attack)

Simon Steiner (Jira) Wed, 03 Apr 2024 05:09:04 -0700

Simon Steiner created PDFBOX-5798:
-------------------------------------

             Summary: Observable Timing Discrepancy (Timing Attack)
                 Key: PDFBOX-5798
                 URL: https://issues.apache.org/jira/browse/PDFBOX-5798
             Project: PDFBox
          Issue Type: Bug
            Reporter: Simon Steiner



A static analyse tool is reporting:

An attacker can guess the secret value of digest because it is compared using 
java.util.Arrays.equals, which is vulnerable to timing attacks. Use 
java.security.MessageDigest.isEqual to compare values securely.
‎pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/StandardSecurityHandler.java



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (PDFBOX-5798) Observable Timing Discrepancy (Timing Attack)

Reply via email to