Title: #509: Migrate OTP import script to python-cryptography
The importer uses RSAES-PKCS1 v1.5 to decrypt a session key. PKCS1 v1.5 is
potentially vulnerable to CCA Bleichenbacher. In my professional opinion, the
OTP importer cannot be abused as an oracle. The script is used as a one-shot
importer and not run as an interactive service.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code