Skip to main content
Delphix

TB048 Segmented Mapping Masking Algorithm Data Escape Security Vulnerability

 

Alert Type

Security

Affected Software

The issue affects the following Delphix Releases with Masking service enabled:

  • Delphix Engine 5.2.6.0

  • Delphix Engine 5.2.5.0 and 5.2.5.1

  • Delphix Engine 5.2.4.0

  • Delphix Engine 5.2.3.0 and 5.2.3.1

  • Delphix Engine 5.2.2.0 and 5.2.2.1

Description

Unmasked data will be in the database after a masking job completes without reporting an error when a numeric Segment Mapping (SM) algorithm is applied to data shorter than the algorithm’s defined length. (e.g., mask a 10 digit value with a 16 digit numeric SM algorithm).

Impact

Any input value that is shorter than the number SM algorithm’s defined lengths will escape unmasked from the algorithm and will appear in the output.

Relief/Workaround

Delphix highly recommends upgrading to version 5.2.6.1 or later. If that is not possible, the below workaround can be used. For each numeric segment mapping algorithm, the Masking Engine administrator can perform all the following steps:

  1. Create an alphanumeric SM algorithm with the same configuration as the numeric algorithm.

  2. For each Inventory column/field where the numeric SM algorithm is assigned, replace it with the alphanumeric SM algorithm created in the previous step.

  3. For each Domain where the alphanumeric SM algorithm is assigned, replace it with the numeric SM algorithm created in the first step.

Resolution

This issue has been fully resolved in the Delphix Engine 5.2.6.1 release.