Story
Resolution: Won't Do
Medium
As a user, I want ONAP Policy to:
1) Reconfigure the affected application, if possible, to avoid use of all 64-bit block ciphers.
OR
2) Place limitations on the number of requests that are allowed to be processed over the same TLS connection to mitigate this vulnerability.
A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.
More info: https://sweet32.info/
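
The two mitigations above can be checked numerically. The following is an added example, not ONAP Policy code: it flags suite names that use a 64-bit block cipher (option 1) and derives a per-connection request cap from the standard birthday approximation (option 2). The suite list, the 4 KiB request size and the risk budget are constructed assumptions.

```python
import math
import re

# Name tokens that identify a 64-bit block cipher in IANA/JSSE or OpenSSL suite names.
BLOCK64_TOKENS = {"3DES", "DES", "DES40", "IDEA", "RC2"}

def uses_64bit_block(suite):
    """True if the cipher suite name contains a 64-bit block cipher token."""
    return any(tok in BLOCK64_TOKENS for tok in re.split(r"[_-]", suite.upper()))

def audit(suites):
    """Return the suites that option 1 would have to remove."""
    return [s for s in suites if uses_64bit_block(s)]

def collision_probability(n_blocks, block_bits=64):
    """Birthday approximation: p = 1 - exp(-n(n-1) / 2^(b+1))."""
    return -math.expm1(-n_blocks * (n_blocks - 1) / 2.0 ** (block_bits + 1))

def max_blocks(p, block_bits=64):
    """Blocks encrypted under one key before collision probability reaches p."""
    return math.sqrt(2.0 ** (block_bits + 1) * -math.log1p(-p))

def max_requests(p, bytes_per_request, block_bits=64):
    """Option 2: request cap per TLS connection for a chosen risk budget p."""
    return int(max_blocks(p, block_bits) * (block_bits // 8) // bytes_per_request)

# Constructed sample configuration, not taken from any ONAP deployment.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "ECDHE-RSA-DES-CBC3-SHA",
    "TLS_RSA_WITH_IDEA_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]

if __name__ == "__main__":
    print("remove:", audit(SAMPLE_SUITES))
    print("p(collision) after 2^32 blocks, 64-bit: %.3f" % collision_probability(2**32))
    print("p(collision) after 2^32 blocks, 128-bit: %.1e" % collision_probability(2**32, 128))
    print("requests/connection at p=2^-20, 4 KiB each:", max_requests(2**-20, 4096))
```

The request cap assumes one session key per connection and counts only the assumed request size, so response traffic encrypted under the same key lowers the real limit.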