[
https://issues.jboss.org/browse/SECURITY-563?page=com.atlassian.jira.plug...
]
Christian Schlüter commented on SECURITY-563:
---------------------------------------------
even worse:
"aan2o1Y%" is encrypted and decrypted to "0?_»Ím5".
The problem is that negative BigIntegers need no leading zeroes but leading -1.
Solution:
add the following if-statement in decode-method:
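// copy the BigInteger bytes to the right-hand end of the padded array
for (int i = old.length - 1; i >= 0; i--)
{
    encoding[i + pad] = old[i];
}
// negative value: fill the padding bytes with 0xFF (-1) instead of 0x00
if (n.signum() == -1)
{
    for (int i = 0; i < newLength - length; i++)
    {
        encoding[i] = (byte) -1;
    }
}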
Exception javax.crypto.BadPaddingException: Given final block not
properly padded thrown when decrypting
---------------------------------------------------------------------------------------------------------
Key: SECURITY-563
URL: https://issues.jboss.org/browse/SECURITY-563
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: JBossSX
Affects Versions: JBossSecurity_2.0.4.SP6
Environment: JBoss EAP 5.1
Reporter: Tom Ross
Assignee: Anil Saldhana
Exception "javax.crypto.BadPaddingException: Given final block not properly
padded" is thrown when trying to decrypt a password like "dv". It looks
like the decrypt() method cannot handle passwords that have been encrypted with "-"
in front. "dv" is encrypted as -7f16992f0aa153.
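
The sign-extension problem described in the comment and in the issue description, as an added Java example (not PicketBox code and not part of the original message). It uses the value -7f16992f0aa153 from the description; the 8-byte block length and the helper names padWithZeros and padSignExtended are assumptions.

```java
import java.math.BigInteger;
import java.util.Arrays;

public class SignExtendDemo {
    // Assumption: the ciphertext is handled in 8-byte blocks.
    static final int BLOCK = 8;

    // Left-pads the BigInteger bytes with 0x00 up to a multiple of BLOCK,
    // whatever the sign: the behaviour the comment reports as broken.
    static byte[] padWithZeros(BigInteger n) {
        byte[] old = n.toByteArray();
        int newLength = ((old.length + BLOCK - 1) / BLOCK) * BLOCK;
        byte[] encoding = new byte[newLength];
        System.arraycopy(old, 0, encoding, newLength - old.length, old.length);
        return encoding;
    }

    // Same copy, but fills the padding with 0xFF (-1) for negative values,
    // which is the fix proposed in the comment.
    static byte[] padSignExtended(BigInteger n) {
        byte[] encoding = padWithZeros(n);
        int pad = encoding.length - n.toByteArray().length;
        if (n.signum() == -1) {
            Arrays.fill(encoding, 0, pad, (byte) -1);
        }
        return encoding;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Stored form quoted in the issue description.
        BigInteger n = new BigInteger("-7f16992f0aa153", 16);
        byte[] zeros = padWithZeros(n);
        byte[] signed = padSignExtended(n);

        System.out.println("toByteArray(): " + hex(n.toByteArray()));
        System.out.println("zero padded:   " + hex(zeros)
                + " same value? " + new BigInteger(zeros).equals(n));
        System.out.println("sign extended: " + hex(signed)
                + " same value? " + new BigInteger(signed).equals(n));
    }
}
```

Only the sign-extended block converts back to the stored value; the zero-padded block is a different, positive number, so the cipher is handed a block other than the one that was encrypted.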