eclipse / paho.mqtt.java

Eclipse Paho Java MQTT client library. Paho is an Eclipse IoT project.
https://eclipse.org/paho

Not properly generated randomised for SSLContext #929

Open akwick opened 2 years ago

akwick commented 2 years ago


During an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub, we randomly inspected a few of the misuses. One of the misuses that we could confirm as a true positive of the analysis, CogniCryptSAST, is in this project. In the class SSLSocketFactoryFactory the initialization of the SSLContext passes a not properly generated random source (null).

Expected behavior: A properly generated random source is passed

Observed behavior: Null is passed

How to Reproduce:
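The pattern the report describes, shown as an added example that is not code from paho.mqtt.java: the flagged form passes `null` as the `SecureRandom` argument of `SSLContext.init`, the hardened form passes an explicit instance. Class and method names are constructed for illustration; the default trust store is loaded via `TrustManagerFactory.init((KeyStore) null)` so the example runs stand-alone.

```java
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; not part of the Paho client library.
public final class SslContextRandomExample {

    // Loads the JDK default trust store (cacerts) so no key material is needed here.
    private static TrustManager[] defaultTrustManagers() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        return tmf.getTrustManagers();
    }

    // Flagged pattern: the third argument (the SecureRandom) is null.
    // Static analysers such as CogniCryptSAST report this call.
    static SSLContext flaggedContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, defaultTrustManagers(), null);
        return ctx;
    }

    // Hardened pattern: the randomness source is created explicitly and passed in,
    // so the choice is visible in the code and auditable by the analyser.
    static SSLContext hardenedContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, defaultTrustManagers(), new SecureRandom());
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory factory = hardenedContext().getSocketFactory();
        System.out.println("Protocol: " + hardenedContext().getProtocol());
        System.out.println("Default cipher suites: "
            + factory.getDefaultCipherSuites().length);
    }
}
```

The JDK contract for `SSLContext.init` treats a `null` `SecureRandom` as "use the provider's default", so the explicit argument chiefly makes the randomness choice reviewable rather than changing which generator the default provider selects.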