MathanKumar Thirunavukkarasu updated FOP-2778:
    Summary: Security Vulnerabilities on FOP  (was: Vulnerable to)

> Security Vulnerabilities on FOP
> -------------------------------
>                 Key: FOP-2778
>                 URL: https://issues.apache.org/jira/browse/FOP-2778
>             Project: FOP
>          Issue Type: Bug
>    Affects Versions: 2.2
>            Reporter: MathanKumar Thirunavukkarasu
>            Priority: Critical
>              Labels: encryption
> h3. Summary
> Hardcoded encryption keys may compromise system security in a way that cannot 
> be easily remedied.
> h3. Explanation
> It is never a good idea to hardcode an encryption key because it allows all 
> of the project's developers to view the encryption key, and makes fixing the 
> problem extremely difficult. Once the code is in production, the encryption 
> key cannot be changed without patching the software. If the account that is 
> protected by the encryption key is compromised, the owners of the system will 
> be forced to choose between security and availability.
> In this case the encryption key is located in *HyphenationTree.java* at 
> line *577*.
> *Example 1:* The following code uses a hardcoded encryption key:
> ...
> private static final String encryptionKey = "lakdsljkalkjlksdfkl";
> byte[] keyBytes = encryptionKey.getBytes();
> SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
> Cipher encryptCipher = Cipher.getInstance("AES");
> encryptCipher.init(Cipher.ENCRYPT_MODE, key);
> ...
> *Anyone who has access to the code will have access to the encryption key. 
> Once the application has shipped, there is no way to change the encryption 
> key unless the program is patched. An employee with access to this 
> information could use it to break into the system. Even worse, if attackers 
> had access to the executable for the application, they could extract the 
> encryption key value.*
> ----------------------------------------------------------------
> h3. Summary
> The function *initCipher()* in *PDFEncryptionJCE.java* uses a cryptographic 
> encryption algorithm with an insecure mode of operation on line 
> *771*. Cryptographic encryption algorithms should not be used with an insecure 
> mode of operation.
> h3. Explanation
> A mode of operation of a block cipher is an algorithm that describes how to 
> repeatedly apply a cipher's single-block operation to securely transform 
> amounts of data larger than a block. Some of the modes of operation include 
> Electronic Codebook (ECB), Cipher Block Chaining (CBC), and Cipher Feedback 
> (CFB).
> ECB mode is inherently weak, as it results in the same ciphertext for 
> identical blocks of plaintext. CBC mode is the superior choice as it does not 
> have this weakness.
> *Example 1:* The following code uses AES cipher with ECB mode:
> ...
> SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
> Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
> cipher.init(Cipher.ENCRYPT_MODE, key);
> ...
