Severity: moderate

Description
===============
Doris uses a hardcoded key and IV to initialize the cipher used for the LDAP 
password, which may lead to information disclosure.


Mitigation
===============
Upgrading to 1.0.0 [1] or higher resolves this problem.

Credit:
===============
We would like to thank Dwi Siswanto <m...@dw1.io> for reporting this 
issue.

[1] http://doris.incubator.apache.org/downloads/downloads.html

--

Best Regards
陈明雨 Mingyu Chen

Email:
chenmin...@apache.org
