Skip to content

Commit fe16018

Browse files
J12934J12934
committed
#2310 switch to a non vulnerable padding mechanism
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
1 parent 3e2fb6c commit fe16018

File tree

2 files changed

+3
-3
lines changed

2 files changed

+3
-3
lines changed

scanners/ncrack/parser/parser.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44

55
const xml2js = require("xml2js");
66
const crypto = require("crypto");
7-
const { readFile } = require("fs/promises");
7+
const {readFile} = require("fs/promises");
88

99
async function parse(
1010
fileContent,
@@ -37,7 +37,7 @@ function transformToFindings(ncrackrun, publicKey) {
3737
.publicEncrypt(
3838
{
3939
key: publicKey,
40-
padding: crypto.constants.RSA_PKCS1_PADDING,
40+
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
4141
},
4242
Buffer.from(password)
4343
)

scanners/ncrack/parser/parser.test.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -142,7 +142,7 @@ it("should encrypt findings when a public key is set", async () => {
142142
let decryptedData = crypto.privateDecrypt(
143143
{
144144
key: privateKey,
145-
padding: crypto.constants.RSA_PKCS1_PADDING,
145+
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
146146
},
147147
Buffer.from(finding.attributes.password, "base64")
148148
);

0 commit comments

Comments
 (0)