  1. Java Driver
  2. JAVA-2498

Standard Random Number Generator used in BaseCluster is not safe

Details

    • Type: Task
    • Resolution: Works as Designed
    • Priority: Critical - P2

    Description

      Hi,

      We got the below issue when we ran Veracode testing our code.

      Insufficient Entropy (CWE ID 331)

      Class : BaseCluster.java
      line no: 336

      We are using mongo-java-driver-3.4.1.jar

      As per the issue, it seems a standard random number generator has been used when a more secure cryptographic generator should have been used.

      Is this a false positive from Veracode, and can it be safely ignored?

      If not, can you please let us know if it can be mitigated in the Java driver code?

      Thanks,
      lauriep

          People

            Unassigned Unassigned
            lauriep Laurie paul