Design/Logic Flaw

2020-03-1819:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.

CPENameOperatorVersion
open_network_automation_platformge3.0.0
open_network_automation_platformlt4.0.0

CPE	Name	Operator	Version
	open_network_automation_platform	ge	3.0.0
	open_network_automation_platform	lt	4.0.0

References

jira.onap.org/browse/OJSI-92