Thibaut SAUTEREAU created JAMES-2201:
----------------------------------------
Summary: Vulnerable to SHAttered attack
Key: JAMES-2201
URL: https://issues.apache.org/jira/browse/JAMES-2201
Project: James Server
Issue Type: Bug
Components: mailbox
Affects Versions: master
Reporter: Thibaut SAUTEREAU
Priority: Minor
Fix For: master
Given the way SHA-1 is used to index attachments, it is vulnerable to the
SHAttered attack (https://shattered.io/), meaning you can overwrite the
attachment of a first email with a second email).
It is not critical yet as it took a lot of computational power from Google to
generate those 2 PDFs, but this issue will probably become widespread in coming
years and I think switching to SHA-256 for instance is a low hanging fruit
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
