kishore kumar created CAMEL-8606:
------------------------------------
Summary: Attack Vector: java.util.Random.nextInt
Key: CAMEL-8606
URL: https://issues.apache.org/jira/browse/CAMEL-8606
Project: Camel
Issue Type: Improvement
Components: camel-core
Reporter: kishore kumar
Standard random number generators do not provide a sufficient amount of entropy
when used for security purposes. Attackers can brute force the output of
pseudorandom number generators such as rand().
Remediation: If this random number is used where security is a concern, such as
generating a session key or session identifier, use a trusted cryptographic
random number generator instead. These can be found on the Windows platform in
the CryptoAPI or in an open source library such as OpenSSL. In Java, use the
SecureRandom object to ensure sufficient entropy.
Few classes used java.util.Random.
WeightedRandomLoadBalancer.java: 56
RedeliveryPolicy.java: 221
FileUtil.java: 330
RandomLoadBalancer.java: 44
FileUtil.java: 334
OptimisticLockRetryPolicy.java: 63
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
