Find real vulnerabilities before they ship
Vulnerability Database › maven › CVE-2014-9970
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
Base Score