An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.
CPE | Name | Operator | Version |
---|---|---|---|
open_network_automation_platform | ge | 3.0.0 | |
open_network_automation_platform | lt | 4.0.0 |