[jira] [Updated] (CLOUDSTACK-5241) ROT13 usage

Rohit Yadav (JIRA) Wed, 03 Dec 2014 02:44:07 -0800

     [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-5241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rohit Yadav updated CLOUDSTACK-5241:
------------------------------------
    Fix Version/s: 4.3.2
                   4.5.0

> ROT13 usage
> -----------
>
>                 Key: CLOUDSTACK-5241
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5241
>             Project: CloudStack
>          Issue Type: Bug
>    Affects Versions: 4.2.0
>            Reporter: John Kinsella
>            Assignee: Sheng Yang
>              Labels: security
>             Fix For: 4.5.0, 4.4.3, 4.3.2
>
>
> The server/src/com/cloud/network/element/CloudZonesNetworkElement.java and 
> server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java 
> files use the PasswordGenerator.rot13() method. This method is using a cipher 
> which provides no effective encryption or obfuscation.
> Mitigation:
> Remove the PasswordGenerator.rot13() method so that it is never used in the 
> future. Change the usages to use AES-based encryption (possibly with 
> DBEncryptionUtil.encrypt()).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (CLOUDSTACK-5241) ROT13 usage

Reply via email to