Eduardo Aguinaga created CASSANDRA-12540:
--------------------------------------------
Summary: Password Management: Hardcoded Password
Key: CASSANDRA-12540
URL: https://issues.apache.org/jira/browse/CASSANDRA-12540
Project: Cassandra
Issue Type: Sub-task
Reporter: Eduardo Aguinaga
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of
the Cassandra source code. The analysis included an automated analysis using HP
Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The
results of that analysis includes the issue below.
Issue:
In the file EncryptionOptions.java there are hard coded passwords on lines 23
and 25.
{code:java}
EncryptionOptions.java, lines 20-30:
20 public abstract class EncryptionOptions
21 {
22 public String keystore = "conf/.keystore";
23 public String keystore_password = "cassandra";
24 public String truststore = "conf/.truststore";
25 public String truststore_password = "cassandra";
26 public String[] cipher_suites = {
27 "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
28 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
29 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
30 };
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
