[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure

2020-06-12 Thread xuekaiqi (Jira)


 [ 
https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

xuekaiqi updated KYLIN-4478:

Sprint: Sprint 52  (was: Sprint 53)

> Usage of "AES/ECB/PKCS5Padding" is insecure
> ---
>
> Key: KYLIN-4478
> URL: https://issues.apache.org/jira/browse/KYLIN-4478
> Project: Kylin
> Issue Type: Improvement
> Reporter: Md Mahir Asef Kabir
> Assignee: Md Mahir Asef Kabir
> Priority: Major
> Fix For: v3.1.0
>
>
> *Vulnerability Description:* In the file
> "core-common/src/main/java/org/apache/kylin/common/util/EncryptUtil.java",
> the following code was written in the public static String encrypt(String
> strToEncrypt) method:
> {code:java}
> Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
> {code}
> The vulnerability is using "AES/ECB/PKCS5Padding" as the argument to the
> Cipher.getInstance method.
> *Reason it’s vulnerable:* "AES/ECB/PKCS5Padding" is not secure. For further
> reference, follow [this|https://zachgrace.com/posts/attacking-ecb/].
> *Suggested Fix:* Using
> {code:java}
> Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5Padding");
> {code}
> *Feedback:* Please select any of the options down below to help us get an 
> idea about how you felt about the suggestion - 
> # Liked it and will make the suggested changes
> # Liked it but happy with the existing version
> # Didn’t find the suggestion helpful



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
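
The difference between the two transformations named in the issue, as an added example (not Kylin's `EncryptUtil` code): ECB encrypts equal plaintext blocks to equal ciphertext blocks and is deterministic, while CFB with a fresh random IV is neither. The class name, helper names, throwaway key and sample plaintext are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class EcbLeakDemo {
    static final int BLOCK = 16; // AES block size in bytes

    // Number of adjacent 16-byte blocks in ct[from..] that are byte-identical.
    static int repeatedBlocks(byte[] ct, int from) {
        int repeats = 0;
        for (int i = from; i + 2 * BLOCK <= ct.length; i += BLOCK) {
            if (Arrays.equals(Arrays.copyOfRange(ct, i, i + BLOCK),
                              Arrays.copyOfRange(ct, i + BLOCK, i + 2 * BLOCK))) repeats++;
        }
        return repeats;
    }

    static byte[] encryptEcb(SecretKeySpec key, byte[] pt) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding"); // no IV: deterministic
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(pt);
    }

    // Returns IV (16 bytes) || ciphertext; the IV is fresh for every call.
    static byte[] encryptCfb(SecretKeySpec key, byte[] pt) throws Exception {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CFB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(pt);
        byte[] out = Arrays.copyOf(iv, BLOCK + ct.length);
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[16];
        new SecureRandom().nextBytes(k); // throwaway demo key (constructed)
        SecretKeySpec key = new SecretKeySpec(k, "AES");
        // Constructed input: one 16-byte block repeated three times.
        byte[] pt = "password=hunter2password=hunter2password=hunter2"
                .getBytes(StandardCharsets.UTF_8);
        byte[] ecb1 = encryptEcb(key, pt), ecb2 = encryptEcb(key, pt);
        byte[] cfb1 = encryptCfb(key, pt), cfb2 = encryptCfb(key, pt);
        System.out.println("ECB repeated blocks: " + repeatedBlocks(ecb1, 0));
        System.out.println("ECB same output twice: " + Arrays.equals(ecb1, ecb2));
        System.out.println("CFB repeated blocks: " + repeatedBlocks(cfb1, BLOCK));
        System.out.println("CFB same output twice: " + Arrays.equals(cfb1, cfb2));
    }
}
```

CFB with a fresh random IV removes the block-equality leak but does not authenticate the ciphertext; an AEAD transformation such as "AES/GCM/NoPadding" also detects tampering.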


[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure

2020-06-05 Thread nichunen (Jira)


 [ 
https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

nichunen updated KYLIN-4478:

Sprint: Sprint 53  (was: Sprint 52)



[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure

2020-05-15 Thread xuekaiqi (Jira)


 [ 
https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

xuekaiqi updated KYLIN-4478:

Sprint: Sprint 52  (was: Sprint 51)



[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure

2020-05-15 Thread Shao Feng Shi (Jira)


 [ 
https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Shao Feng Shi updated KYLIN-4478:

Sprint: Sprint 51



[jira] [Updated] (KYLIN-4478) Usage of "AES/ECB/PKCS5Padding" is insecure

2020-05-14 Thread Shao Feng Shi (Jira)


 [ 
https://issues.apache.org/jira/browse/KYLIN-4478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Shao Feng Shi updated KYLIN-4478:

Fix Version/s: v3.1.0
