[JAVA-2493] Veracode testing identifies ScramSha1Authenticator.java 215 as using broken or risky cryptographic algorithm Created: 18/Apr/17  Updated: 27/Oct/23  Resolved: 20/Apr/17

Status: Closed
Project: Java Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Critical - P2
Reporter: John Cussack Assignee: Unassigned
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate

 Description   

We are using Mongo DB java driver 3.4.1 jar.

When we did a Veracode testing we found that ,
ScramSha1Authenticator.java line no 215 as using broken or risky cryptographic algorithm

Can you please let us know is there an resolution for this issue.

Since it is a critical issue , we have to address it before moving to production.

Can you please help us on this.



 Comments   
Comment by Ross Lawley [ 19/Apr/17 ]

Hi jcussack,

Just checking that my follow up response answered your questions regarding the driver's use of SHA-1.

There is a feature request (SERVER-28237) to implement selectable SCRAM hashing methods, including SCRAM-SHA-256 as defined in RFC 7677, however, there is no current timeline for implementation.

Ross

Comment by Ross Lawley [ 18/Apr/17 ]

To clarify SHA-1 as a standalone algorithm has been proven to be vulnerable. This is what Veracode is reporting - the use of SHA1.

MongoDB 3.0 introduced a new password authentication mechanism called Salted Challenge Response Authentication Mechanism or SCRAM. According to the SCRAM RFC (RFC5802):

For interoperability, all SCRAM clients and servers MUST implement the SCRAM-SHA-1 authentication mechanism, i.e., an authentication mechanism from the SCRAM family that uses the SHA-1 hash function as defined in (RFC3174).

At this time SCRAM-SHA-1 is not believed to be a vulnerable or a risky algorithm. According to NIST:

The use of HMAC-based KDFs is acceptable using an approved hash function, including SHA-1.

So even though internally ScramSha1Authenticator.java uses SHA-1 as apart of the SCRAM algorithm it is an acceptable hashing algorithm. For that reason I believe the Veracode report is showing a false positive.

Finally, SCRAM-SHA-1 is only one of multiple authentication mechanisms for MongoDB. Alternatives include:

  • X.509
  • Kerberos (GSSAPI)
  • LDAP (PLAIN)

These may suit your requirements better, see the authentication documentation for more information.

Ross

Comment by John Cussack [ 18/Apr/17 ]

Thanks for your response.

But,I am afraid I still do not get it.

Do you mean the algorithm used is indeed safer one and not broken as per Veracode.

Can we go ahead with the resolution that it is not an issue. If not I just wanted to know the timeline when we can expect to have it mitigated to a strong algorithm.

Comment by Ross Lawley [ 18/Apr/17 ]

Hi jcussack,

For future reference, the best place for questions regarding MongoDB usage or the Java driver specifics is the mongodb-user mailinglist or stackoverflow as you will reach a boarder audience there. If your business requires an answer from MongoDB within a time frame then we do offer production support.

The line in question does use the SHA-1 algorithm as part of the SCRAM-SHA-1 mongodb authentication. More information about SCRAM-SHA-1 can be found on the MongoDB blog.

I hope that helps answer your questions,

Ross

Generated at Thu Feb 08 08:57:21 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.