How severe is CVE-2010-10006?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2010-10006?

This is classified as CWE-208, which is a common weakness in software security.

CVE-2010-10006

HIGH Year: 2010

CVSS v3 Score

7.5

High

CVSS v2 Score

1.4

Low

Weakness Type

CWE-208

View all →

Vulnerability Description

A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.08 is able to address this issue. The name of the patch is c9baaa976b684637f0d5a50268e91846a7a719ab. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218460.

CVE-2013-10006

HIGH

CVSS:7.5(High)

A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of...

CWE-2082013

CVE-2021-42016

HIGH

CVSS:7.5(High)

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M...

CWE-2082021

CVE-2022-31142

HIGH

CVSS:7.5(High)

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attac...

CWE-2082022

CVE-2023-41097

HIGH

CVSS:7.5(High)

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

CWE-2082023

CVE-2023-50781

HIGH

CVSS:7.5(High)

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive dat...

CWE-2082023

CVE-2023-50782

HIGH

CVSS:7.5(High)

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confid...

CWE-2082023

CVE-2010-10006

Vulnerability Description

Related Vulnerabilities

CVE-2013-10006

CVE-2021-42016

CVE-2022-31142

CVE-2023-41097

CVE-2023-50781

CVE-2023-50782