weizhouapache commented on issue #4849: URL: https://github.com/apache/cloudstack/issues/4849#issuecomment-803928397
> is this about communication between the webclient and the target or between the console proxy and the target, @davidjumani . This is another static analysis report without exploit, publicly submitted :(
> we'll have to do assessment.

@DaanHoogland it is about the token in vm console URL. it is encrypted/decrypted using a single 'key'. it would be better to use a key/iv pair.

@davidjumani you may find some code for CBC encryption/decryption in my closed pr for novnc console: https://github.com/apache/cloudstack/pull/3296/files (search for keyword 'CBC').

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at: [email protected]
