Uploaded image for project: 'atlassian-seraph'
  1. atlassian-seraph
  2. SER-94

Autologin cookie should be encoded with real encryption

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Medium
    • 0.10
    • None
    • None
    • true

    Description

      The autologin cookie currently isn't encrypted, which is rather alarming considering it contains the user name and password. Instead, it is XOR'ed with character offsets, which is insecure. The text, if we really need to put a user name and password in there, needs to be encrypted with a real encryption algorithm.

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. SER-117 Seraph throws IllegalBlockSizeException when trying to read the cookie when a particular user visits JIRA

          • High - High priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. SER-29 Cookie login may not work under certain conditions.

          • Medium - Medium priority issues
          • RESOLVED

          Activity

            People

              dbrown@atlassian.com Don Brown (Inactive)
              dbrown@atlassian.com Don Brown (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                16 years, 35 weeks, 1 day ago

                Time Tracking

                  Estimated:
                  Original Estimate - 2h
                  2h
                  Remaining:
                  Remaining Estimate - 2h
                  2h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified