Hardcoded Encryption Key in OpenPages
Hardcoded Encryption Key is being used in OpenPages. As checked with IBM support team, here is the information:
"For LDAP authentication, the aurora_auth.config is configured and it stores the LDAP "security.search.user.credentials". The password in aurora_auth.config file will be encrypted via AES 256 algorithm when
the OpenPages server starts. We have been using the default key which is packaged with the OpenPages product until OP 72 FP1."
However, according to the latest update from IBM support:
"I got confirmation from developers that the custom encrypted keystore did not make the 7.3 release, which is why I couldn't find it mentioned in the documentation."
In this case, would you please enhance the product to include this feature.
High - Critical