Found broken a feature for fingerprint image obfuscation
Bug #1819406 reported by
Seong-Joong Kim
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libfprint |
Fix Released
|
Unknown
|
|||
libfprint (Ubuntu) |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Dear all,
In this package, a random seed is used for generation key for obfuscating a fingerprint image in uru4000 driver.
Unfortunately, it seems that the seed always exhibits the same sequence of numbers each time since it is generated from rand() in libc by default.
Then I reported this issue to the upstream with the patch.
However, the maintainer insists that the obfuscation-feature can be broken since the key for encryption is composed of just 4-bytes length.
Thus, there is no need to patch about random seed anyway.
It's pretty weird to say that.
Would it be all right if I leave this as it is?
Many thanks!!
CVE References
Changed in libfprint (Ubuntu): | |
status: | New → Confirmed |
importance: | High → Low |
importance: | Low → High |
importance: | High → Low |
Changed in libfprint: | |
status: | Unknown → New |
Changed in libfprint: | |
status: | New → Fix Released |
To post a comment you must log in.
Thank you for your bug report, do you have any pointer to the discuss with the upstream maintainer?