CVE-2018-6535

High

8.1/10

Summary

An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Feb 27, 2018

CVE-2018-6535

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS