[jira] [Created] (CLOUDSTACK-8105) Use secure hash for volume/template upload

Demetrius Tsitrelis (JIRA) Mon, 22 Dec 2014 15:00:27 -0800

Demetrius Tsitrelis created CLOUDSTACK-8105:
-----------------------------------------------


             Summary: Use secure hash for volume/template upload
                 Key: CLOUDSTACK-8105
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8105
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Storage Controller
    Affects Versions: 4.4.0
            Reporter: Demetrius Tsitrelis


The MD5 algorithm produces message digests and was formally widely used to 
verify the integrity of blocks of data. Since 2004 many attacks have been shown 
against MD5 (see security section of http://en.wikipedia.org/wiki/MD5).

Mitigation: Remove the MD5 option. Instead use a secure hash algorithm for 
checking the integrity of volume uploads such as SHA-1.

CVSS from: http://www.cvedetails.com/cve/CVE-2004-2761/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (CLOUDSTACK-8105) Use secure hash for volume/template upload

Reply via email to