[
https://issues.apache.org/jira/browse/CAMEL-8606?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
kishore kumar updated CAMEL-8606:
---------------------------------
We are using Apache Camel version 2.13.2 and also request that you provide a
resolution to resolve this violation issue.
> Attack Vector: java.util.Random.nextInt
> ---------------------------------------
>
> Key: CAMEL-8606
> URL: https://issues.apache.org/jira/browse/CAMEL-8606
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Reporter: kishore kumar
>
> Standard random number generators do not provide a sufficient amount of
> entropy when used for security purposes. Attackers can brute force the output
> of pseudorandom number generators such as rand().
> Remediation: If this random number is used where security is a concern, such
> as generating a session key or session identifier, use a trusted
> cryptographic random number generator instead. These can be found on the
> Windows platform in the CryptoAPI or in an open source library such as
> OpenSSL. In Java, use the SecureRandom object to ensure sufficient entropy.
> A few classes use java.util.Random:
> WeightedRandomLoadBalancer.java: 56
> RedeliveryPolicy.java: 221
> FileUtil.java: 330
> RandomLoadBalancer.java: 44
> FileUtil.java: 334
> OptimisticLockRetryPolicy.java: 63
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
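The remediation quoted above, as an added example that is not Camel's code: a weak identifier built from java.util.Random next to the SecureRandom form, plus a non-security use (retry jitter, as in the RedeliveryPolicy/load-balancer hits listed) where the plain generator is acceptable. All class and method names here are made up for the illustration.

```java
import java.security.SecureRandom;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;

/** Added example (not Camel code): pick the generator by what the value protects. */
public final class RandomSourceExample {

    // Non-security use: spreading redelivery attempts in time. Predictability
    // costs nothing here, so java.util.Random is fine (and faster than SecureRandom).
    static long jitteredDelayMillis(long baseDelay, double collisionAvoidancePercent) {
        Random rnd = ThreadLocalRandom.current();
        double factor = 1.0 + (rnd.nextDouble() * 2 - 1) * collisionAvoidancePercent / 100.0;
        return Math.max(0L, (long) (baseDelay * factor));
    }

    // Weak: java.util.Random is a 48-bit linear congruential generator seeded
    // predictably; its output sequence is recoverable from a few observed values,
    // so a token, nonce or shared-directory file name built this way is guessable.
    static String weakToken(int bytes) {
        byte[] buf = new byte[bytes];
        new Random().nextBytes(buf);
        return hex(buf);
    }

    // Hardened: SecureRandom reads the platform CSPRNG (e.g. /dev/urandom on Linux).
    // One shared instance is enough; the class is thread-safe.
    private static final SecureRandom SECURE = new SecureRandom();

    static String secureToken(int bytes) {
        byte[] buf = new byte[bytes];
        SECURE.nextBytes(buf);
        return hex(buf);
    }

    // Lower-case hex encoding; %02x on a Byte renders negative values unsigned.
    private static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) {
        System.out.println("jittered delay: " + jitteredDelayMillis(1000, 15));
        System.out.println("weak token:     " + weakToken(16));
        System.out.println("secure token:   " + secureToken(16));
    }
}
```

When triaging a scanner hit like the ones listed, the question to ask per call site is whether an observer who predicts the value gains anything; only those sites need the SecureRandom form.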