BUG - Use of a Broken or Risky Cryptographic Algorithm - SymmetricBindingBuilder.java 753

Bug #1409124 reported by David Camilo
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
rampart (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

We are currently using "rampart-core-1.5.2.jar" and the Veracode analysis found a bug in this class: .../SymmetricBindingBuilder.java (version 1.5.2, line 753, and version 1.6.2, line 750).

Use of a Broken or Risky Cryptographic Algorithm

Description:

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the disclosure of sensitive information.

Thanks.

Seth Arnold (seth-arnold) wrote :

I can't find any SymmetricBindingBuilder.java nor jar files in the rampart source package; are you confident this is the correct package?

The description of librampart0 indicates it is to be used with Axis2/c -- if you're performing audits, I suspect that would be a fruitful place to start. I reported SSL vulnerabilities to them 1.5 years ago and never got a response. I suspect security is not a top priority for these projects.

Thanks

information type: Private Security → Public
Changed in rampart (Ubuntu):
status: New → Invalid
information type: Public → Public Security