SAP/cf-java-logging-support

Weak Encryption: Insufficient Key Size

QiAnXinCodeSafe opened this issue 6 years ago · 1 comments

QiAnXinCodeSafe commented 6 years ago

cf-java-logging-support/cf-java-logging-support-servlet/src/main/java/com/sap/hcp/cf/logging/servlet/dynlog/TokenCreator.java

Line 65 in e626102

keyGen.initialize(512);

An otherwise strong encryption algorithm is vulnerable to brute-force attack when an insufficient key size is used.

KarstenSchnitter commented 6 years ago

Fixed by #58.