Uploaded image for project: 'JSPWiki'
  1. JSPWiki
  2. JSPWIKI-1145

Weak one-way hash used

    XMLWordPrintableJSON

Details

    Description

      In file jspwiki/jspwiki-main/src/main/java/org/apache/wiki/auth/user/AbstractUserDatabase.java, line 276, SHA is been used for hash text

      Security Impact: 

      The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques.

      suggestions:

      NIST recommends the use of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256.

      Useful link:

      https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf

      https://cwe.mitre.org/data/definitions/328.html

      https://cwe.mitre.org/data/definitions/916.html

       

      Please share with us your opinions/comments if there is any:

      Is the bug report helpful?

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              Vicky Zhang Vicky Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: