.. This work is licensed under a Creative Commons Attribution 4.0 International License. .. Copyright 2019 Samsung Electronics ================================================================= OSA-2019-016: ONAP Portal is vulnerable for Padding Oracle attack ================================================================= **Date:** 2019-05-28 **CVE:** CVE-2019-12121 **Severity:** Important Affects ------- * Portal: Dublin and earlier Description ----------- Łukasz Wrochna and Wojciech Rauner from Samsung reported a vulnerability in Portal. By executing a padding oracle attack using ONAPPORTAL/processSingleSignOn UserId field an attacker is able do decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected. Patches ------- * `88689 `_ Credits ------- * Łukasz Wrochna from Samsung * Wojciech Rauner from Samsung References ---------- * `OJSI-92 `_ * `CVE-2019-12121 `_