Spotted this during a routine penetration testing exercise
This class: com/pubnub/api/vendor/Crypto.java
Potential Issues
- Configuration is vulnerable to padding oracle attacks : Encryption mode CBC with PKCS5/PKCS7 padding
- MD5 is also a weak hash known to have hash collisions.
The following algorithms are recommended:
Confidentiality algorithms: AES-GCM-256 or ChaCha20-Poly1305
Integrity algorithms: SHA-256, SHA-384, SHA-512, Blake2, the SHA-3 family
Digital signature algorithms: RSA (3072 bits and higher), ECDSA with NIST P-384
Key establishment algorithms: RSA (3072 bits and higher), DH (3072 bits or higher), ECDH with NIST P-384
Spotted this during a routine penetration testing exercise
This class:
com/pubnub/api/vendor/Crypto.javaPotential Issues
The following algorithms are recommended:
Confidentiality algorithms: AES-GCM-256 or ChaCha20-Poly1305
Integrity algorithms: SHA-256, SHA-384, SHA-512, Blake2, the SHA-3 family
Digital signature algorithms: RSA (3072 bits and higher), ECDSA with NIST P-384
Key establishment algorithms: RSA (3072 bits and higher), DH (3072 bits or higher), ECDH with NIST P-384