An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Icinga | Icinga | 2.0.0 (including) | 2.8.1 (including) |
Icinga | Ubuntu | artful | * |
Icinga | Ubuntu | bionic | * |
Icinga | Ubuntu | cosmic | * |
Icinga | Ubuntu | disco | * |
Icinga | Ubuntu | eoan | * |
Icinga | Ubuntu | trusty | * |
Icinga | Ubuntu | xenial | * |