cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Demetrius Tsitrelis (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-8105) Use secure hash for volume/template upload
Date Mon, 22 Dec 2014 23:00:13 GMT
Demetrius Tsitrelis created CLOUDSTACK-8105:
-----------------------------------------------

             Summary: Use secure hash for volume/template upload
                 Key: CLOUDSTACK-8105
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8105
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Storage Controller
    Affects Versions: 4.4.0
            Reporter: Demetrius Tsitrelis


The MD5 algorithm produces message digests and was formally widely used to verify the integrity
of blocks of data. Since 2004 many attacks have been shown against MD5 (see security section
of http://en.wikipedia.org/wiki/MD5).

Mitigation: Remove the MD5 option. Instead use a secure hash algorithm for checking the integrity
of volume uploads such as SHA-1.

CVSS from: http://www.cvedetails.com/cve/CVE-2004-2761/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message