[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure
[ https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] xuekaiqi updated KYLIN-4478: Sprint: Sprint 52 (was: Sprint 53) > Usage of "AES/ECB/PKCS5Padding" is insecure > --- > > Key: KYLIN-4478 > URL: https://issues.apache.org/jira/browse/KYLIN-4478 > Project: Kylin > Issue Type: Improvement >Reporter: Md Mahir Asef Kabir >Assignee: Md Mahir Asef Kabir >Priority: Major > Fix For: v3.1.0 > > > *Vulnerability Description:* In > “core-common/src/main/java/org/apache/kylin/common/util/EncryptUtil.java” > file the following code was written in public static String encrypt(String > strToEncrypt) method - > {code:java} > Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); > {code} > The vulnerability is, using "AES/ECB/PKCS5Padding” as the argument to > Cipher.getInstance method. > *Reason it’s vulnerable:* ”AES/ECB/PKCS5Padding” is not secure. For further > reference, follow [this|https://zachgrace.com/posts/attacking-ecb/]. > *Suggested Fix:* Using > {code:java} > Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5Padding"); > {code} > *Feedback:* Please select any of the options down below to help us get an > idea about how you felt about the suggestion - > # Liked it and will make the suggested changes > # Liked it but happy with the existing version > # Didn’t find the suggestion helpful -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure
[ https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] nichunen updated KYLIN-4478: Sprint: Sprint 53 (was: Sprint 52) > Usage of "AES/ECB/PKCS5Padding" is insecure > --- > > Key: KYLIN-4478 > URL: https://issues.apache.org/jira/browse/KYLIN-4478 > Project: Kylin > Issue Type: Improvement >Reporter: Md Mahir Asef Kabir >Assignee: Md Mahir Asef Kabir >Priority: Major > Fix For: v3.1.0 > > > *Vulnerability Description:* In > “core-common/src/main/java/org/apache/kylin/common/util/EncryptUtil.java” > file the following code was written in public static String encrypt(String > strToEncrypt) method - > {code:java} > Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); > {code} > The vulnerability is, using "AES/ECB/PKCS5Padding” as the argument to > Cipher.getInstance method. > *Reason it’s vulnerable:* ”AES/ECB/PKCS5Padding” is not secure. For further > reference, follow [this|https://zachgrace.com/posts/attacking-ecb/]. > *Suggested Fix:* Using > {code:java} > Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5Padding"); > {code} > *Feedback:* Please select any of the options down below to help us get an > idea about how you felt about the suggestion - > # Liked it and will make the suggested changes > # Liked it but happy with the existing version > # Didn’t find the suggestion helpful -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure
[ https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] xuekaiqi updated KYLIN-4478: Sprint: Sprint 52 (was: Sprint 51) > Usage of "AES/ECB/PKCS5Padding" is insecure > --- > > Key: KYLIN-4478 > URL: https://issues.apache.org/jira/browse/KYLIN-4478 > Project: Kylin > Issue Type: Improvement >Reporter: Md Mahir Asef Kabir >Assignee: Md Mahir Asef Kabir >Priority: Major > Fix For: v3.1.0 > > > *Vulnerability Description:* In > “core-common/src/main/java/org/apache/kylin/common/util/EncryptUtil.java” > file the following code was written in public static String encrypt(String > strToEncrypt) method - > {code:java} > Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); > {code} > The vulnerability is, using "AES/ECB/PKCS5Padding” as the argument to > Cipher.getInstance method. > *Reason it’s vulnerable:* ”AES/ECB/PKCS5Padding” is not secure. For further > reference, follow [this|https://zachgrace.com/posts/attacking-ecb/]. > *Suggested Fix:* Using > {code:java} > Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5Padding"); > {code} > *Feedback:* Please select any of the options down below to help us get an > idea about how you felt about the suggestion - > # Liked it and will make the suggested changes > # Liked it but happy with the existing version > # Didn’t find the suggestion helpful -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure
[ https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shao Feng Shi updated KYLIN-4478: - Sprint: Sprint 51 > Usage of "AES/ECB/PKCS5Padding" is insecure > --- > > Key: KYLIN-4478 > URL: https://issues.apache.org/jira/browse/KYLIN-4478 > Project: Kylin > Issue Type: Improvement >Reporter: Md Mahir Asef Kabir >Assignee: Md Mahir Asef Kabir >Priority: Major > Fix For: v3.1.0 > > > *Vulnerability Description:* In > “core-common/src/main/java/org/apache/kylin/common/util/EncryptUtil.java” > file the following code was written in public static String encrypt(String > strToEncrypt) method - > {code:java} > Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); > {code} > The vulnerability is, using "AES/ECB/PKCS5Padding” as the argument to > Cipher.getInstance method. > *Reason it’s vulnerable:* ”AES/ECB/PKCS5Padding” is not secure. For further > reference, follow [this|https://zachgrace.com/posts/attacking-ecb/]. > *Suggested Fix:* Using > {code:java} > Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5Padding"); > {code} > *Feedback:* Please select any of the options down below to help us get an > idea about how you felt about the suggestion - > # Liked it and will make the suggested changes > # Liked it but happy with the existing version > # Didn’t find the suggestion helpful -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure
[ https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shao Feng Shi updated KYLIN-4478: - Fix Version/s: v3.1.0 > Usage of "AES/ECB/PKCS5Padding" is insecure > --- > > Key: KYLIN-4478 > URL: https://issues.apache.org/jira/browse/KYLIN-4478 > Project: Kylin > Issue Type: Improvement >Reporter: Md Mahir Asef Kabir >Assignee: Md Mahir Asef Kabir >Priority: Major > Fix For: v3.1.0 > > > *Vulnerability Description:* In > “core-common/src/main/java/org/apache/kylin/common/util/EncryptUtil.java” > file the following code was written in public static String encrypt(String > strToEncrypt) method - > {code:java} > Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); > {code} > The vulnerability is, using "AES/ECB/PKCS5Padding” as the argument to > Cipher.getInstance method. > *Reason it’s vulnerable:* ”AES/ECB/PKCS5Padding” is not secure. For further > reference, follow [this|https://zachgrace.com/posts/attacking-ecb/]. > *Suggested Fix:* Using > {code:java} > Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5Padding"); > {code} > *Feedback:* Please select any of the options down below to help us get an > idea about how you felt about the suggestion - > # Liked it and will make the suggested changes > # Liked it but happy with the existing version > # Didn’t find the suggestion helpful -- This message was sent by Atlassian Jira (v8.3.4#803005)