Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-680

Usage of broken hash algorithm detected

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • None
    • None
    • None
    • None

    Description

      In file https://github.com/apache/ws-wss4j/blob/7923539117127296a65392f4c83ebd885386b7e4/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java (at Line 96) "SHA-1" algorithm has been used.

      Security Impact:

      SHA-1 algorithm can be broken in an hour. And because digital fingerprints generated with it can be forged.

      Useful Resources:

      https://cwe.mitre.org/data/definitions/327.html

      Solution we suggest:

      Use Sha >= 256 algorithms instead

      Please share with us your opinions/comments if there is any:

      Is the bug report helpful?

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            mahir.kabir Md Mahir Asef Kabir
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: