URL: https://github.com/freeipa/freeipa/pull/509
Title: #509: Migrate OTP import script to python-cryptography

tiran commented:
"""
The importer uses RSAES-PKCS1 v1.5 to decrypt a session key. PKCS1 v1.5 is 
potentially vulnerable to CCA Bleichenbacher. In my professional opinion, the 
OTP importer cannot be abused as an oracle. The script is used as a one-shot 
importer and not run as an interactive service.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/509#issuecomment-282687544
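
An added illustration, not code from the FreeIPA importer or from this pull request: the RSAES-PKCS1 v1.5 padding check whose outcome a Bleichenbacher oracle would have to reveal, and a wrapper that reports every failure identically. The function names, the 128-byte modulus size and the 16-byte key length are assumptions; the RSA operation itself is omitted and the check is not constant-time.

```python
import os

MIN_PS_LEN = 8  # RFC 8017: the padding string PS is at least 8 nonzero bytes


class KeyUnwrapError(Exception):
    """Single failure type: the caller never learns which check failed."""


def eme_encode(msg: bytes, k: int) -> bytes:
    """Build 0x00 || 0x02 || PS || 0x00 || M for a k-byte modulus."""
    ps_len = k - len(msg) - 3
    if ps_len < MIN_PS_LEN:
        raise ValueError("message too long for modulus size")
    # Map random bytes into 1..255 (slightly biased, fine for a demo).
    ps = bytes(b % 255 + 1 for b in os.urandom(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def eme_decode(em: bytes, k: int) -> bytes:
    """Return M. The ValueError reasons are internal diagnostics only."""
    if len(em) != k:
        raise ValueError("wrong block length")
    if em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)  # first zero byte after the header ends PS
    if sep < 0:
        raise ValueError("no separator")
    if sep - 2 < MIN_PS_LEN:
        raise ValueError("padding too short")
    return em[sep + 1:]


def unwrap_session_key(em: bytes, k: int, key_len: int) -> bytes:
    """Collapse every failure into one error with one message."""
    try:
        key = eme_decode(em, k)
    except ValueError:
        raise KeyUnwrapError("session key could not be unwrapped") from None
    if len(key) != key_len:
        raise KeyUnwrapError("session key could not be unwrapped")
    return key
```

A padding oracle needs a party that answers many chosen ciphertexts and exposes the difference between these failure reasons, through messages or timing; a one-shot run over a single file gives one answer.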