cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohit Yadav (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CLOUDSTACK-5241) ROT13 usage
Date Thu, 04 Dec 2014 06:01:13 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-5241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14233936#comment-14233936
] 

Rohit Yadav edited comment on CLOUDSTACK-5241 at 12/4/14 6:00 AM:
------------------------------------------------------------------

[~yasker] will backporting the fix to 4.3 and 4.4 break anything?


was (Author: bhaisaab):
[~yasker] will backport the fix to 4.3 and 4.4 break anything?

> ROT13 usage
> -----------
>
>                 Key: CLOUDSTACK-5241
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5241
>             Project: CloudStack
>          Issue Type: Bug
>    Affects Versions: 4.2.0
>            Reporter: John Kinsella
>            Assignee: Sheng Yang
>              Labels: security
>             Fix For: 4.5.0
>
>
> The server/src/com/cloud/network/element/CloudZonesNetworkElement.java and server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
files use the PasswordGenerator.rot13() method. This method is using a cipher which provides
no effective encryption or obfuscation.
> Mitigation:
> Remove the PasswordGenerator.rot13() method so that it is never used in the future. Change
the usages to use AES-based encryption (possibly with DBEncryptionUtil.encrypt()).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message