https://bz.apache.org/bugzilla/show_bug.cgi?id=63954

            Bug ID: 63954
           Summary: Security : Weak Encryption: Insecure Mode of Operation
                    (Security Features, Semantic)
           Product: POI
           Version: 4.1.1-FINAL
          Hardware: PC
            Status: NEW
          Severity: critical
          Priority: P2
         Component: POI Overall
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Fortify Report on POI source code identifies the following vulnerability:

Category: Weak Encryption: Insecure Mode of Operation (Security Features,
Semantic)

The function getCipher() in CryptoFunctions.java uses a cryptographic
encryption algorithm with an insecure mode of operation on line 239 & 241:

cipher = Cipher.getInstance(cipherAlgorithm.jceId + "/" + chain.jceId + "/" +
padding, "BC");

cipher = Cipher.getInstance(cipherAlgorithm.jceId + "/" + chain.jceId + "/" +
padding);

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to