Progress OpenEdge OECH1 Encoding Vulnerability Allowing Exploitation of Compromised Password Secrets

Vulnerability

A vulnerability exists in Progress OpenEdge due to the use of the OECH1 encoding algorithm for obfuscating sensitive values. This encoding has been deemed cryptographically weak and inappropriate for enterprise applications, so any value encoded with it should be considered compromised. The vulnerability allows exploitation of OECH1-encoded credentials. All versions of OpenEdge prior to 12.2.19 and 12.8.11 are affected.

Impact

The vulnerability undermines the security of OpenEdge environments by allowing exploitation of OECH1-encoded credentials, which are now considered compromised. This could lead to unauthorized access or actions within the OpenEdge platform.

Remediation

Users are advised to upgrade to OpenEdge versions 12.2.19 or 12.8.11. After upgrading, all customer-managed OECH1-encoded values must be replaced with values encoded using stronger algorithms, because OECH1 is no longer supported and its use will cause runtime errors. A temporary migration option is available for development environments to decode existing OECH1 values, but this should not be used in production.
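
An added example, not from Progress or from this advisory: a scanner that inventories configuration files still holding OECH1-encoded values so they can be replaced as the remediation requires. It assumes encoded values carry an `oech1::` prefix followed by hex digits (an assumption not stated on this page); the sample files, key names and values are constructed.

```python
import os
import re
import tempfile

# Assumption (not stated in the advisory): encoded values look like
# "oech1::" followed by hex digits.
OECH1_RE = re.compile(r"oech1::[0-9a-f]+", re.IGNORECASE)


def find_oech1(root):
    """Return sorted (relative_path, line_no, redacted_line) for each hit under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    for line_no, line in enumerate(fh, start=1):
                        if OECH1_RE.search(line):
                            # The encoded value is treated as a compromised secret,
                            # so it is redacted before it reaches the report.
                            redacted = OECH1_RE.sub("oech1::<redacted>", line.strip())
                            hits.append((os.path.relpath(path, root), line_no, redacted))
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return sorted(hits)


def build_sample_tree(root):
    """Write constructed sample files (not real OpenEdge configuration)."""
    os.makedirs(os.path.join(root, "conf"))
    with open(os.path.join(root, "conf", "app.properties"), "w") as fh:
        fh.write("db.user=svc_app\n"
                 "db.password=oech1::0123abcd\n"
                 "cache.size=64\n")
    with open(os.path.join(root, "batch.conf"), "w") as fh:
        fh.write("password=OECH1::4567EF01\n")
    with open(os.path.join(root, "conf", "clean.properties"), "w") as fh:
        fh.write("timeout=30\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, line_no, text in find_oech1(tmp):
            print(f"{rel}:{line_no}: {text}")
```

Every credential behind a reported line should be rotated as well as re-encoded, since the advisory treats OECH1-encoded values as compromised.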

Added: Apr 14, 2026, 2:24 PM
Updated: Apr 14, 2026, 2:24 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 5.9
threat: 0.0
urgency: 10.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.