[ https://issues.apache.org/jira/browse/CLOUDSTACK-5241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14233936#comment-14233936 ]
Rohit Yadav commented on CLOUDSTACK-5241: ----------------------------------------- [~yasker] will backport the fix to 4.3 and 4.4 break anything? > ROT13 usage > ----------- > > Key: CLOUDSTACK-5241 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5241 > Project: CloudStack > Issue Type: Bug > Affects Versions: 4.2.0 > Reporter: John Kinsella > Assignee: Sheng Yang > Labels: security > Fix For: 4.5.0 > > > The server/src/com/cloud/network/element/CloudZonesNetworkElement.java and > server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java > files use the PasswordGenerator.rot13() method. This method is using a cipher > which provides no effective encryption or obfuscation. > Mitigation: > Remove the PasswordGenerator.rot13() method so that it is never used in the > future. Change the usages to use AES-based encryption (possibly with > DBEncryptionUtil.encrypt()). -- This message was sent by Atlassian JIRA (v6.3.4#6332)