3 matches found
CVE-2021-45458
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
CVE-2021-45458
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
CVE-2021-45458
Apache Kylin’s PasswordPlaceholderConfigurer uses a cipher initialized with a hardcoded key and IV, risking decryption of passwords stored in configuration. Affected: Kylin 2.x ≤ 2.6.6; 3.x ≤ 3.1.2; 4.x ≤ 4.0.0. Impact: potential password exposure. Remediation/fix details are not provided in the ...