Timing Attacks Vulnerability in Apache Doris
CVE-2023-41313
Currently unrated
Summary
A vulnerability exists in the authentication method of Apache Doris, which is susceptible to timing attacks. This issue affects versions before 2.0.0 and poses a significant risk to data security by allowing attackers to exploit timing discrepancies during authentication processes. Users are strongly advised to upgrade to version 2.0.0 or 1.2.8 to mitigate the risk associated with this vulnerability.
Affected Version(s)
Apache Doris 0 < 1.2.8
References
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Andrea Cosentino from Apache Software Foundation