It was found that jasypt before allows a timing attack against the password hash comparison. Upstream patch: https://sourceforge.net/p/jasypt/code/668/
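
Added example, not jasypt's code and not the upstream patch: a generic early-exit digest comparison beside a constant-time one, with a step counter standing in for elapsed time to show what the comparison leaks. The class name, method names and sample password are constructed for illustration; `MessageDigest.isEqual` is the JDK's own constant-time comparison.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestCompareDemo {
    // Number of byte comparisons performed by the most recent call.
    static int steps;

    // Early-exit comparison: the work done depends on how many leading
    // bytes of the candidate match the stored digest.
    static boolean leakyEquals(byte[] a, byte[] b) {
        steps = 0;
        if (a.length != b.length) return false;
        for (int i = 0; i < a.length; i++) {
            steps++;
            if (a[i] != b[i]) return false;
        }
        return true;
    }

    // Constant-time comparison: every byte is always examined and the
    // differences are accumulated, so the work is independent of content.
    static boolean constantTimeEquals(byte[] a, byte[] b) {
        steps = 0;
        if (a.length != b.length) return false;
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            steps++;
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        // Constructed sample input standing in for a stored password digest.
        byte[] stored = md.digest("constructed-sample-password".getBytes(StandardCharsets.UTF_8));
        byte[] wrongFirst = stored.clone(); wrongFirst[0] ^= 1;
        byte[] wrongLast = stored.clone();  wrongLast[stored.length - 1] ^= 1;

        for (byte[] candidate : new byte[][] { wrongFirst, wrongLast }) {
            leakyEquals(stored, candidate);
            int leaky = steps;
            constantTimeEquals(stored, candidate);
            System.out.printf("leaky steps=%d, constant-time steps=%d, MessageDigest.isEqual=%b%n",
                    leaky, steps, MessageDigest.isEqual(stored, candidate));
        }
    }
}
```

The leaky step count differs between the two wrong candidates while the constant-time count does not; replacing any digest or MAC comparison with `MessageDigest.isEqual` removes that dependence on the secret.
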
This issue has been addressed in the following products: Red Hat JBoss BRMS, via RHSA-2017:2547 https://access.redhat.com/errata/RHSA-2017:2547
This issue has been addressed in the following products: Red Hat JBoss BPM Suite, via RHSA-2017:2546 https://access.redhat.com/errata/RHSA-2017:2546
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0.8, via RHSA-2017:2810 https://access.redhat.com/errata/RHSA-2017:2810
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7, via RHSA-2017:2808 https://access.redhat.com/errata/RHSA-2017:2808
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6, via RHSA-2017:2809 https://access.redhat.com/errata/RHSA-2017:2809
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7; Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6, via RHSA-2017:2811 https://access.redhat.com/errata/RHSA-2017:2811
This issue has been addressed in the following products: RHEV 4.X RHEV-H and Agents for RHEL-7, via RHSA-2017:3141 https://access.redhat.com/errata/RHSA-2017:3141
This issue has been addressed in the following products: Red Hat JBoss Data Grid, via RHSA-2018:0294 https://access.redhat.com/errata/RHSA-2018:0294