Issue Type: Bug
Assignee: Ofir Shaked
Components: hp-application-automation-tools-plugin
Created: 08/Apr/13 1:26 PM
Description:

https://github.com/jenkinsci/hp-application-automation-tools-plugin/blob/master/src/main/java/com/hp/application/automation/tools/EncryptionUtils.java uses a non-secret key (the key is published on GitHub) and a static initialization vector. This renders the encryption useless.

Furthermore, the exposed password is written to a text file in the build filesystem, which can be viewed directly through the Jenkins UI via file archiving.

Project: Jenkins
Priority: Blocker
Reporter: David Ehringer
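
The weakness described in this issue, shown as an added example that is not code from the plugin or from the reporter. It assumes AES in CBC mode for the weak case; the class name `StaticKeyDemo`, the key, the IV and the sample password are all constructed for illustration. The weak method is contrasted with a per-installation key and a fresh random nonce (AES-GCM).

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class StaticKeyDemo {
    // Constructed constants standing in for a key and IV committed to a public repository.
    static final byte[] PUBLISHED_KEY = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
    static final byte[] STATIC_IV = new byte[16];

    // Weak pattern: key and IV are identical for every installation and every call.
    static byte[] weak(int mode, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(PUBLISHED_KEY, "AES"), new IvParameterSpec(STATIC_IV));
        return c.doFinal(data);
    }

    // Hardened pattern: caller-supplied secret key, fresh 96-bit nonce stored ahead of the ciphertext.
    static byte[] sealGcm(SecretKey key, byte[] plain) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] pw = "constructed-sample-password".getBytes(StandardCharsets.UTF_8);
        byte[] a = weak(Cipher.ENCRYPT_MODE, pw), b = weak(Cipher.ENCRYPT_MODE, pw);
        // Deterministic: equal passwords always produce equal stored values.
        System.out.println("weak outputs equal: " + Arrays.equals(a, b));
        // Reversible with nothing but the constants that ship in the source.
        System.out.println("recovered: " + new String(weak(Cipher.DECRYPT_MODE, a), StandardCharsets.UTF_8));

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey perInstallKey = kg.generateKey(); // in practice loaded from protected storage, never from source
        byte[] x = sealGcm(perInstallKey, pw), y = sealGcm(perInstallKey, pw);
        System.out.println("gcm outputs equal: " + Arrays.equals(x, y));
    }
}
```

Even with the hardened form, the second point in the report still applies: a password written in clear text to an archived build file is exposed regardless of how it was stored beforehand.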