Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-4014

Usage of broken hash algorithm detected

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None

    Description

      In file https://github.com/musasesay/mongo-java-driver/blob/033f4a7a0b369a641bf1e81352ee37b102c8ae4f/driver/src/main/com/mongodb/client/gridfs/GridFSUploadStreamImpl.java (at Line 59) "md5" algorithm has been used.

      Security Impact:

      The MD5 Message-Digest Algorithm is not collision-resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks

      Useful Resources:

      https://www.cvedetails.com/cve/CVE-2004-2761/

      Solution we suggest:

      Use Sha >= 256 algorithms instead

      Please share with us your opinions/comments if there is any:

      Is the bug report helpful?

      Attachments

        Activity

          People

            Unassigned Unassigned
            mdmahirasefk@vt.edu Mahir Kabir
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: