Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
None
-
None
-
None
-
None
Description
In file https://github.com/apache/ws-wss4j/blob/7923539117127296a65392f4c83ebd885386b7e4/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java (at Line 96) "SHA-1" algorithm has been used.
Security Impact:
SHA-1 algorithm can be broken in an hour. And because digital fingerprints generated with it can be forged.
Useful Resources:
https://cwe.mitre.org/data/definitions/327.html
Solution we suggest:
Use Sha >= 256 algorithms instead
Please share with us your opinions/comments if there is any:
Is the bug report helpful?