Launchpad.net

CVE 2014-9970

jasypt before 1.9.2 allows a timing attack against the password hash comparison.

See the CVE page on Mitre.org for more details.

References