URL: https://github.com/freeipa/freeipa/pull/509
Title: #509: Migrate OTP import script to python-cryptography

tiran commented:
The importer uses RSAES-PKCS1 v1.5 to decrypt a session key. PKCS1 v1.5 is 
potentially vulnerable to CCA Bleichenbacher. In my professional opinion, the 
OTP importer cannot be abused as an oracle. The script is used as a one-shot 
importer and not run as an interactive service.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to