oss-sec mailing list archives
CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization
From: 陈明雨 <morningman () 163 com>
Date: Tue, 26 Apr 2022 22:33:47 +0800 (CST)
Severity: moderate

Description:
=============
Doris uses a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure.

Mitigation:
=============
Upgrading to 1.0.0 [1] or higher will resolve this problem.

Credit:
=============
We would like to thank Dwi Siswanto for the report of this issue.

References:
=============
https://lists.apache.org/thread/com2dyzp3bn2rdrotry90q2zzord4tvt
[1] http://doris.incubator.apache.org/downloads/downloads.html

--
Best Regards
陈明雨 Mingyu Chen
Email: chenmingyu () apache org