Usage of "AES/CBC/PKCS5Padding" is insecure #4694

@mahirkabir

Description

In file https://github.com/apache/cloudstack/blob/0f3f2a09370a18301db28ec3d28efe746b6437c9/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyPasswordBasedEncryptor.java (at Line 61), insecure "AES/CBC/PKCS5Padding" was used for encryption.

Security Impact:

Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is susceptible to padding oracle attacks.

Useful Resources:

https://rules.sonarsource.com/java/type/Vulnerability/RSPEC-4432

Solution we suggest:

Use GCM mode instead of ECB mode.

Please share with us your opinions/comments if there are any:

Is the bug report helpful?
