[
https://issues.apache.org/jira/browse/PHOENIX-6366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Viraj Jasani resolved PHOENIX-6366.
-----------------------------------
Resolution: Duplicate
Resolving as duplicate to SYNAPSE-1126
> Usage of broken hash algorithm detected
> ---------------------------------------
>
> Key: PHOENIX-6366
> URL: https://issues.apache.org/jira/browse/PHOENIX-6366
> Project: Phoenix
> Issue Type: Improvement
> Reporter: Md Mahir Asef Kabir
> Priority: Major
>
> In file
> [https://github.com/apache/synapse/blob/3bc7f0c6322d0a59121577c7af027a336f3257c7/modules/core/src/main/java/org/apache/synapse/util/UUIDGenerator.java]
> (at Line 96) "md5" algorithm has been used.
> *Security Impact*:
> The MD5 Message-Digest Algorithm is not collision-resistant, which makes it
> easier for context-dependent attackers to conduct spoofing attacks
> *Useful Resources*:
> https://www.cvedetails.com/cve/CVE-2004-2761/
> *Solution we suggest*:
> Use Sha >= 256 algorithms instead
> *Please share with us your opinions/comments if there is any*:
> Is the bug report helpful?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
