Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.
Fixes

Solution

No solution given by the vendor.


Workaround

Upgrade to 1.0.0 or higher will resolve this problem.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-03T03:59:23.369Z

Reserved: 2022-01-25T00:00:00

Link: CVE-2022-23942

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-26T16:15:47.673

Modified: 2024-11-21T06:49:29.837

Link: CVE-2022-23942

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.