async-http-client icon indicating copy to clipboard operation
async-http-client copied to clipboard

Published 20 hours ago verified publisher icon AsyncHttpClient

Insecure cipher and hash function usage

Open xingweitian opened this issue 4 years ago • 0 comments

Hi there, we found that the following places using the insecure cipher and hash functions:

/home/xwt/IdeaProjects/async-http-client-latest/client/src/main/java/org/asynchttpclient/util/MessageDigestUtils.java:23: error: [algorithm.not.allowed] Algorithm: MD5 is not allowed by the current rules
      return MessageDigest.getInstance("MD5");
                                       ^
/home/xwt/IdeaProjects/async-http-client-latest/client/src/main/java/org/asynchttpclient/util/MessageDigestUtils.java:31: error: [algorithm.not.allowed] Algorithm: SHA1 is not allowed by the current rules
      return MessageDigest.getInstance("SHA1");
                                       ^
/home/xwt/IdeaProjects/async-http-client-latest/client/src/main/java/org/asynchttpclient/ntlm/NtlmEngine.java:505: error: [algorithm.not.allowed] Algorithm: MD5 is not allowed by the current rules
            final MessageDigest md5 = MessageDigest.getInstance("MD5");
                                                                ^
/home/xwt/IdeaProjects/async-http-client-latest/client/src/main/java/org/asynchttpclient/ntlm/NtlmEngine.java:1464: error: [algorithm.not.allowed] Algorithm: MD5 is not allowed by the current rules
                md5 = MessageDigest.getInstance("MD5");
                                                ^
/home/xwt/IdeaProjects/async-http-client-latest/client/src/main/java/org/asynchttpclient/ntlm/NtlmEngine.java:446: error: [algorithm.not.allowed] Algorithm: DES/ECB/NOPADDING is not allowed by the current rules
                    Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
                                                    ^
/home/xwt/IdeaProjects/async-http-client-latest/client/src/main/java/org/asynchttpclient/ntlm/NtlmEngine.java:449: error: [algorithm.not.allowed] Algorithm: DES/ECB/NOPADDING is not allowed by the current rules
                    des = Cipher.getInstance("DES/ECB/NoPadding");
                                             ^
/home/xwt/IdeaProjects/async-http-client-latest/client/src/main/java/org/asynchttpclient/ntlm/NtlmEngine.java:473: error: [algorithm.not.allowed] Algorithm: RC4 is not allowed by the current rules
            final Cipher rc4 = Cipher.getInstance("RC4");
                                                  ^
/home/xwt/IdeaProjects/async-http-client-latest/client/src/main/java/org/asynchttpclient/ntlm/NtlmEngine.java:538: error: [algorithm.not.allowed] Algorithm: DES/ECB/NOPADDING is not allowed by the current rules
            final Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
                                                  ^
/home/xwt/IdeaProjects/async-http-client-latest/client/src/main/java/org/asynchttpclient/ntlm/NtlmEngine.java:626: error: [algorithm.not.allowed] Algorithm: DES/ECB/NOPADDING is not allowed by the current rules
            final Cipher des = Cipher.getInstance("DES/ECB/NoPadding");
                                                  ^

xingweitian avatar Mar 29 '21 05:03 xingweitian