Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
Description
In file jspwiki/jspwiki-main/src/main/java/org/apache/wiki/auth/user/AbstractUserDatabase.java, line 276, SHA is been used for hash text
Security Impact:
The product uses a hashing algorithm that produces a hash value that can be used to determine the original input, or to find an input that can produce the same hash, more efficiently than brute force techniques.
suggestions:
NIST recommends the use of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256.
Useful link:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
https://cwe.mitre.org/data/definitions/328.html
https://cwe.mitre.org/data/definitions/916.html
Please share with us your opinions/comments if there is any:
Is the bug report helpful?
Attachments
Issue Links
- links to