[
https://issues.apache.org/jira/browse/PHOENIX-6367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Viraj Jasani resolved PHOENIX-6367.
-----------------------------------
Resolution: Duplicate
Resolving as duplicate to VXQUERY-247
> Usage of broken hash algorithm detected
> ---------------------------------------
>
> Key: PHOENIX-6367
> URL: https://issues.apache.org/jira/browse/PHOENIX-6367
> Project: Phoenix
> Issue Type: Improvement
> Reporter: Md Mahir Asef Kabir
> Priority: Major
>
> In file
> [https://github.com/apache/vxquery/blob/5d1175d2cb04a54ba751295f2ac67daec38bf723/vxquery-core/src/main/java/org/apache/vxquery/runtime/functions/index/update/MetaFileUtil.java]
> (at Line 155) "md5" algorithm has been used.
> *Security Impact*:
> The MD5 Message-Digest Algorithm is not collision-resistant, which makes it
> easier for context-dependent attackers to conduct spoofing attacks
> *Useful Resources*:
> https://www.cvedetails.com/cve/CVE-2004-2761/
> *Solution we suggest*:
> Use Sha >= 256 algorithms instead
> *Please share with us your opinions/comments if there is any*:
> Is the bug report helpful?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
