Eduardo Aguinaga created CASSANDRA-12540: --------------------------------------------
Summary: Password Management: Hardcoded Password Key: CASSANDRA-12540 URL: https://issues.apache.org/jira/browse/CASSANDRA-12540 Project: Cassandra Issue Type: Sub-task Reporter: Eduardo Aguinaga Overview: In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below. Issue: In the file EncryptionOptions.java there are hard coded passwords on lines 23 and 25. {code:java} EncryptionOptions.java, lines 20-30: 20 public abstract class EncryptionOptions 21 { 22 public String keystore = "conf/.keystore"; 23 public String keystore_password = "cassandra"; 24 public String truststore = "conf/.truststore"; 25 public String truststore_password = "cassandra"; 26 public String[] cipher_suites = { 27 "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", 28 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 29 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" 30 }; {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)