search

SamDecrock / node-http-ntlm

Node.js module to authenticate using HTTP NTLM
MIT License
192 stars 89 forks source link

Empty Encryption Key #106

Closed coskunaydinoglu closed 1 year ago

coskunaydinoglu commented 1 year ago

We got the following issue in fortify code scan for the line https://github.com/SamDecrock/node-http-ntlm/blob/master/ntlm.js#L168

"Key Management: Empty Encryption Key" I don't know it is false positive or not empty key is used

SamDecrock commented 1 year ago

That's the way the protocol works. So blame Microsoft ;-)