[
https://issues.apache.org/jira/browse/JSPWIKI-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated JSPWIKI-1145:
------------------------------------
Labels: pull-request-available (was: )
> Weak one-way hash used
> ----------------------
>
> Key: JSPWIKI-1145
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1145
> Project: JSPWiki
> Issue Type: Improvement
> Components: Authentication & Authorization
> Reporter: Vicky Zhang
> Priority: Major
> Labels: pull-request-available
>
> In file
> jspwiki/jspwiki-main/src/main/java/org/apache/wiki/auth/user/AbstractUserDatabase.java,
> line 276, SHA is been used for hash text
> *Security Impact:*
> The product uses a hashing algorithm that produces a hash value that can be
> used to determine the original input, or to find an input that can produce
> the same hash, more efficiently than brute force techniques.
> *suggestions:*
> [NIST|https://csrc.nist.gov/projects/hash-functions] recommends the use of
> SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256.
> Useful link:
> [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf]
> [https://cwe.mitre.org/data/definitions/328.html]
> [https://cwe.mitre.org/data/definitions/916.html]
>
> *Please share with us your opinions/comments if there is any:*
> Is the bug report helpful?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
