[WSS-680] Usage of broken hash algorithm detected - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

In file https://github.com/apache/ws-wss4j/blob/7923539117127296a65392f4c83ebd885386b7e4/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java (at Line 96) "SHA-1" algorithm has been used.

Security Impact:

SHA-1 algorithm can be broken in an hour. And because digital fingerprints generated with it can be forged.

Useful Resources:

https://cwe.mitre.org/data/definitions/327.html

Solution we suggest:

Use Sha >= 256 algorithms instead

Please share with us your opinions/comments if there is any:

Is the bug report helpful?

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Md Mahir Asef Kabir

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Feb/21 18:51

Updated:: 06/Feb/21 08:59

Resolved:: 06/Feb/21 08:59