Unrated severity · NVD Advisory · Published Nov 19, 2018 · Updated Sep 17, 2024

On Demand Services SDK Timing Attack Vulnerability

CVE-2018-15759

Description

Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24, contains an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.
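As an added illustration (not code from the SDK or from this advisory), the sketch below contrasts a timing-dependent credential check with a constant-time one for a broker's HTTP basic auth. It assumes the insecure method is an ordinary string comparison, which the advisory does not spell out; `brokerAuth`, `statusFor`, the `/v2/catalog` path and the credentials are hypothetical, constructed values.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// naiveEqual is NOT constant-time: it can return as soon as lengths or bytes differ.
func naiveEqual(got, want string) bool { return got == want }

// constantTimeEqual hashes both values to a fixed length, then compares them
// with a routine whose running time does not depend on where they differ.
func constantTimeEqual(got, want string) bool {
	g, w := sha256.Sum256([]byte(got)), sha256.Sum256([]byte(want))
	return subtle.ConstantTimeCompare(g[:], w[:]) == 1
}

// brokerAuth is a hypothetical basic-auth middleware for a service broker.
func brokerAuth(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		// Evaluate both comparisons unconditionally (no && short-circuit).
		userOK := constantTimeEqual(u, user)
		passOK := constantTimeEqual(p, pass)
		if !ok || !userOK || !passOK {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one in-memory request and returns the HTTP status code.
func statusFor(h http.Handler, user, pass string) int {
	req := httptest.NewRequest(http.MethodGet, "/v2/catalog", nil)
	req.SetBasicAuth(user, pass)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	h := brokerAuth("broker", "constructed-secret", ok) // constructed credentials
	fmt.Println(statusFor(h, "broker", "constructed-secret"), statusFor(h, "broker", "constructed-secreX"))
}
```

Because a constant-time check only removes the timing signal, rate limiting and alerting on repeated 401 responses to the broker remain useful for spotting the request volume the description mentions.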

Affected products

2
  • Pivot/Pivotllm-fuzzy
    Range: <0.24
  • Pivotal/On Demand Services SDKv5
    Range: all versions
