OSA-2019-016: ONAP Portal is vulnerable for Padding Oracle attack
Portal: Dublin and earlier
Łukasz Wrochna and Wojciech Rauner from Samsung reported a vulnerability in Portal. By executing a padding oracle attack using ONAPPORTAL/processSingleSignOn UserId field an attacker is able do decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.
Łukasz Wrochna from Samsung
Wojciech Rauner from Samsung