AdamBien/gatelink

Base64 has weakness

akondasif opened this issue · 0 comments

Greetings,

We are researchers and we are looking for insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of BASE64 usage. CWE says "A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password."

Hopefully, you agree and will fix it.

Source:

byte[] decoded = Base64.getDecoder().decode(first);

and

return Base64.getUrlEncoder().encodeToString(encoded);

and

byte[] decodedPrivateKey = Base64.getUrlDecoder().decode(encodedPrivateKey);

and

return Base64.getUrlEncoder().withoutPadding().encodeToString(getPrivateKeyAsBytes());
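
The CWE passage quoted in the issue, shown as an added example that is not part of the issue or of the gatelink repository: a Base64-only string is reversed without any key, while an AES-GCM token needs the key, and Base64 then serves only as the text form of the ciphertext. The class and method names and the sample password are constructed for illustration, and AES-GCM is an assumed choice of cipher that the page does not name.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class EncodingVsEncryption {
    // Obscuring only: Base64 is a keyless, reversible encoding.
    static String obscure(String secret) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(secret.getBytes(StandardCharsets.UTF_8));
    }

    // Protecting: AES-GCM under a key; Base64 is only the transport form of IV + ciphertext.
    static String protect(String secret, SecretKey key) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh random IV for every encryption
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = cipher.doFinal(secret.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Reverses protect(); throws AEADBadTagException on a wrong key or a modified token.
    static String recover(String token, SecretKey key) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(cipher.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-sample-password"; // constructed sample value
        // Whoever holds the obscured string gets the secret back with no key at all.
        byte[] plain = Base64.getUrlDecoder().decode(obscure(secret));
        System.out.println("base64 only: " + new String(plain, StandardCharsets.UTF_8));

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        String token = protect(secret, key);
        System.out.println("right key:   " + recover(token, key));
        try {
            recover(token, kg.generateKey()); // a different key must be rejected
        } catch (AEADBadTagException e) {
            System.out.println("wrong key:   rejected");
        }
    }
}
```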