GitHub user MrLion opened a pull request:

    https://github.com/apache/camel/pull/80

    VERACODE-659,660,663, 664: Insufficient Entropy (CWE ID 331)

    During a Veracode scan of our application we discovered several warnings in Camel. Please review our fix and apply it if it makes sense.
    
    Quote from Veracode report below:
    Insufficient Entropy (CWE ID 331)(7 flaws)
    Description
    Standard random number generators do not provide a sufficient amount of entropy when used for security purposes.
    Attackers can brute force the output of pseudorandom number generators such as rand().
    Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code. 1 day to fix.
    Recommendations
    If this random number is used where security is a concern, such as generating a session key or session identifier, use a trusted cryptographic random number generator instead. These can be found on the Windows platform in the CryptoAPI or in an open source library such as OpenSSL.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/engagepoint/camel patch-ENT-Entropy

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/camel/pull/80.patch

----
commit de7766f2451a7013b54c285f378bf7cbfef1d766
Author: leonid.marushevskiy <leonid.marushevs...@engagepoint.com>
Date:   2013-12-20T14:43:55Z

    VERACODE-659: fix of CWE ID 331 insufficient entropy in RandomLoadBalancer

commit a1920ad74c7f10ce3148482bd7d033b530a3e681
Author: leonid.marushevskiy <leonid.marushevs...@engagepoint.com>
Date:   2013-12-20T14:49:43Z

    VERACODE-660: fix of CWE ID 331 insufficient entropy in RedeliveryPolicy

commit a3ea9952d612a7214815d5ea3c2102fd7819eb6d
Author: leonid.marushevskiy <leonid.marushevs...@engagepoint.com>
Date:   2013-12-20T14:52:50Z

    VERACODE-663: fix of CWE ID 331 insufficient entropy in WeightedRandomLoadBalancer

commit fa7a52fe6ce05a26c3826161fc8c3e42eebb2861
Author: leonid.marushevskiy <leonid.marushevs...@engagepoint.com>
Date:   2013-12-20T14:56:10Z

    VERACODE-654: fix of CWE ID 331 insufficient entropy in FileUtil

----
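
The distinction the quoted CWE-331 recommendation draws, shown in Java as an added example (not code from this pull request or from Camel). The class and method names are hypothetical and the seed is a constructed value.

```java
import java.security.SecureRandom;
import java.util.Random;

public class EntropyExample {

    // Weak: java.util.Random is a linear congruential generator with
    // 48 bits of internal state. The whole output stream is a pure
    // function of the seed, so it must not back a secret value.
    static String weakToken(long seed) {
        Random r = new Random(seed);
        return String.format("%016x%016x", r.nextLong(), r.nextLong());
    }

    // Strong: SecureRandom draws from the platform CSPRNG. One shared
    // instance is enough; it is safe for concurrent use.
    private static final SecureRandom SECURE = new SecureRandom();

    static String strongToken() {
        byte[] buf = new byte[16]; // 128 bits of unpredictable data
        SECURE.nextBytes(buf);
        StringBuilder sb = new StringBuilder(32);
        for (byte b : buf) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 1_000_000L; // constructed sample seed

        // Two independent generators, same seed: identical "tokens".
        String a = weakToken(seed);
        String b = weakToken(seed);
        System.out.println("weak   a=" + a);
        System.out.println("weak   b=" + b);
        System.out.println("weak tokens equal:   " + a.equals(b));

        // Two draws from the CSPRNG: no seed to replay, values differ.
        String c = strongToken();
        String d = strongToken();
        System.out.println("strong c=" + c);
        System.out.println("strong d=" + d);
        System.out.println("strong tokens equal: " + c.equals(d));
    }
}
```

The replacement matters where the value acts as a secret, such as the session key or session identifier named in the recommendation.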
