https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/AAA-49 aaa <p>If you switch the AAA token store to the MD-SAL store for clustering, tokens are in plain text in the data store, hence you have a security issue.</p> <p>Operating System: All<br/> Platform: All</p> AAA-49

Tokens stored in MDSAL are not encrypted

Bug Resolved Cannot Reproduce Sharon Aicler Sharon Aicler Tue, 14 Jul 2015 05:08:36 +0000 Thu, 21 Mar 2019 11:56:42 +0000 Thu, 23 Jul 2015 17:28:10 +0000 General 0 2 <p>Is this a duplicate of <a href="https://jira.opendaylight.org/browse/AAA-21" title="Security Issue in Restconf: Restconf config output produces user name and password in clear text" class="issue-link" data-issue-key="AAA-21"><del>AAA-21</del></a>? They seem similar but I'm not 100% positive. Thanks!</p> <p>No, The RestConf bug is for passing back and forward user/password in clean text while this bug is for storing token inside the MDSAL data store in a non encrypted way. I guess the same encrypting/decrypting mechanism can be used for different kind of places where encryption is needed, maybe it will be a good idea to place a comment in <a href="https://jira.opendaylight.org/browse/AAA-21" title="Security Issue in Restconf: Restconf config output produces user name and password in clear text" class="issue-link" data-issue-key="AAA-21"><del>AAA-21</del></a> stating to be aware of this bug encryption solution.</p> <p>Tokens are not in plain text since dcb210ba960fd61c4bd8b8509fe3eb05ac095efd</p> <p>Correct, I have not notice that... because my DataEncrypter utility was used, I though I added that...:o) I will junk this bug.</p> Development External issue ID 3992 External issue URL Rank 0|i023s7: