Timing Attack Vulnerability in Sun Java SE Products
CVE-2009-3875

Currently unrated

Key Information:

Vendor
Oracle
Status
Vendor
CVE Published:
5 November 2009

Summary

This vulnerability exists in the MessageDigest.isEqual function within the Java Runtime Environment. It allows remote attackers to execute timing attacks that can lead to the spoofing of HMAC-based digital signatures. By exploiting this flaw, attackers may potentially bypass authentication protocols, compromising the integrity of secured communications. This issue primarily affects several Java SE versions, underscoring the importance of updating to the latest secure versions to mitigate risks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.