Please fill out the form below before submitting, thank you!
[ ] Bug exists in Release Version 1.2.5 (Master Branch)
[x] Bug exists in MQTTv3 Client on Snapshot Version 1.2.6-SNAPSHOT (Develop Branch)
[ ] Bug exists in MQTTv5 Client on Snapshot Version 1.2.6-SNAPSHOT (Develop Branch)
During an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub, we randomly inspected a few of the misuses. One of the misuses which we could confirm as a true positive of the analysis, CogniCryptSAST, is in this project.
In the class SSLSocketFactoryFactory the default protocol is set to TLS. Other analyses, like SonarSource, also mark the usage of TLS as critical.
Expected behavior: A secure protocol
Observed behavior: An insecure protocol
How to Reproduce:
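
Added example, not part of the original issue report and not the project's own code: a standalone check of which protocol versions a context created with the generic name "TLS" enables on the local JRE, followed by one way to restrict a socket to specific versions. The class name `TlsProtocolCheck`, the helper `restrict`, and the allow-list of TLSv1.3 and TLSv1.2 are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class TlsProtocolCheck {
    // Versions this example treats as acceptable (an assumption; adjust to local policy).
    static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    // Keep only the allowed versions that this JRE actually supports.
    static String[] restrict(String[] supported) {
        List<String> available = Arrays.asList(supported);
        List<String> keep = new ArrayList<>();
        for (String protocol : ALLOWED) {
            if (available.contains(protocol)) {
                keep.add(protocol);
            }
        }
        if (keep.isEmpty()) {
            // Fail closed instead of silently falling back to an older version.
            throw new IllegalStateException("No allowed TLS version is supported by this JRE");
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Same generic protocol name the issue reports as the default.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers and RNG

        // What the generic name enables depends on the JRE version and its security settings.
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        System.out.println("Enabled by default: " + Arrays.toString(defaults.getProtocols()));

        String[] pinned = restrict(ctx.getSupportedSSLParameters().getProtocols());
        System.out.println("After restriction:  " + Arrays.toString(pinned));

        // Apply the restriction to an unconnected socket; no network traffic is generated.
        SSLSocketFactory factory = ctx.getSocketFactory();
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            socket.setEnabledProtocols(pinned);
            System.out.println("Socket protocols:   " + Arrays.toString(socket.getEnabledProtocols()));
        }
    }
}
```

The first printed line differs between JRE releases, which is why the explicit restriction step is shown separately from the context creation.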