[Freeipa-devel] [freeipa PR#509][comment] Migrate OTP import script to python-cryptography
tiran
freeipa-github-notification at redhat.com
Mon Feb 27 10:48:47 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/509
Title: #509: Migrate OTP import script to python-cryptography
tiran commented:
"""
The importer uses RSAES-PKCS1 v1.5 to decrypt a session key. PKCS1 v1.5 is potentially vulnerable to CCA Bleichenbacher. In my professional opinion, the OTP importer cannot be abused as an oracle. The script is used as a one-shot importer and not run as an interactive service.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/509#issuecomment-282687544
More information about the Freeipa-devel
mailing list