Details
-
Improvement
-
Resolution: Done
-
Major - P3
-
None
-
None
-
None
-
None
Description
In file https://github.com/musasesay/mongo-java-driver/blob/033f4a7a0b369a641bf1e81352ee37b102c8ae4f/driver/src/main/com/mongodb/client/gridfs/GridFSUploadStreamImpl.java (at Line 59) "md5" algorithm has been used.
Security Impact:
The MD5 Message-Digest Algorithm is not collision-resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks
Useful Resources:
https://www.cvedetails.com/cve/CVE-2004-2761/
Solution we suggest:
Use Sha >= 256 algorithms instead
Please share with us your opinions/comments if there is any:
Is the bug report helpful?