MathanKumar Thirunavukkarasu created FOP-2778:
-------------------------------------------------

             Summary: Vulnerable to
                 Key: FOP-2778
                 URL: https://issues.apache.org/jira/browse/FOP-2778
             Project: FOP
          Issue Type: Bug
    Affects Versions: 2.2
            Reporter: MathanKumar Thirunavukkarasu


Summary

Hardcoded encryption keys may compromise system security in a way that cannot 
be easily remedied.
h3. Explanation

It is never a good idea to hardcode an encryption key because it allows all of 
the project's developers to view the encryption key, and makes fixing the 
problem extremely difficult. Once the code is in production, the encryption key 
cannot be changed without patching the software. If the account that is 
protected by the encryption key is compromised, the owners of the system will 
be forced to choose between security and availability.


In this case the encryption key is located at in *HyphenationTree.java* at line 
*577*.

*Example 1:* The following code uses a hardcoded encryption key:




...
private static final String encryptionKey = "lakdsljkalkjlksdfkl";
byte[] keyBytes = encryptionKey.getBytes();
SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
Cipher encryptCipher = Cipher.getInstance("AES");
encryptCipher.init(Cipher.ENCRYPT_MODE, key);
...



*Anyone who has access to the code will have access to the encryption key. Once 
the application has shipped, there is no way to change the encryption key 
unless the program is patched. An employee with access to this information 
could use it to break into the system. Even worse, if attackers had access to 
the executable for the application, they could extract the encryption key 
value.*

----------------------------------------------------------------
h3. Summary

The function *initCipher()* in *PDFEncryptionJCE.java* uses a cryptographic 
encryption algorithm with an insecure mode of operation on line 
*771*.Cryptographic encryption algorithms should not be used with an insecure 
mode of operation.
h3. Explanation

A mode of operation of a block cipher is an algorithm that describes how to 
repeatedly apply a cipher's single-block operation to securely transform 
amounts of data larger than a block. Some of the modes of operation include 
Electronic Codebook (ECB), Cipher Block Chaining (CBC), and Cipher Feedback 
(CFB).

ECB mode is inherently weak, as it results in the same ciphertext for identical 
blocks of plaintext. CBC mode is the superior choice as it does not have this 
weakness.

*Example 1:* The following code uses AES cipher with ECB mode:




...
SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, key);
...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to