jitbit / AspNetSaml

Very simple SAML 2.0 consumer module for ASP.NET/C#
https://www.jitbit.com
Apache License 2.0
361 stars 118 forks

Fortify #45

Closed savy-creator closed 1 year ago

savy-creator commented 3 years ago

Hi, I would like to know how the following issue can be solved in the code: "Weak Encryption: Inadequate RSA Padding", which was identified by Fortify during a security check, on the bold lines.

Would it be to use a different SignatureDescription altogether? Or would Fortify have raised a false positive issue?

```csharp
// Override from the project's SignatureDescription subclass, as posted in the issue.
public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
{
    if (key == null)
        throw new ArgumentNullException("key");

    // The next two lines are the ones Fortify flagged (bold in the original post).
    RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
    deformatter.SetHashAlgorithm("SHA256");
    return deformatter;
}
```
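An added example (not AspNetSaml's code and not the reporter's) showing what the flagged lines actually do: RSAPKCS1SignatureDeformatter with SHA256 verifies an RSASSA-PKCS1-v1_5 signature, the primitive the xmldsig rsa-sha256 algorithm is defined over, and it accepts exactly the same signatures as RSA.VerifyData with RSASignaturePadding.Pkcs1. It assumes .NET Core / .NET 5+ (or .NET Framework 4.6+) and uses a constructed throwaway key and message.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not AspNetSaml code. Both verification paths below implement
// RSASSA-PKCS1-v1_5 with SHA-256, the primitive that xmldsig "rsa-sha256" specifies.
public static class Pkcs1SignatureCheck
{
    // Verifies via the deformatter API used in the flagged snippet.
    public static bool VerifyWithDeformatter(RSA rsa, byte[] data, byte[] signature)
    {
        var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
        deformatter.SetHashAlgorithm("SHA256");
        byte[] digest;
        using (var sha256 = SHA256.Create())
            digest = sha256.ComputeHash(data);
        // The deformatter takes the digest of the message, not the message itself.
        return deformatter.VerifySignature(digest, signature);
    }

    // Verifies via the current RSA API with the signature padding named explicitly.
    public static bool VerifyWithRsaApi(RSA rsa, byte[] data, byte[] signature)
    {
        return rsa.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static void Main()
    {
        // Constructed input: a throwaway key and a small message; nothing here comes from a real IdP.
        using (var rsa = RSA.Create())
        {
            byte[] data = Encoding.UTF8.GetBytes("<Assertion>constructed sample</Assertion>");
            byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Both paths accept a PKCS#1 v1.5 signature over the untouched data.
            Console.WriteLine("deformatter accepts: " + VerifyWithDeformatter(rsa, data, sig));
            Console.WriteLine("RSA.VerifyData accepts: " + VerifyWithRsaApi(rsa, data, sig));

            // One altered byte in the signed data must be rejected by both paths.
            byte[] tampered = (byte[])data.Clone();
            tampered[1] ^= 0x01;
            Console.WriteLine("tampered, deformatter accepts: " + VerifyWithDeformatter(rsa, tampered, sig));
            Console.WriteLine("tampered, RSA.VerifyData accepts: " + VerifyWithRsaApi(rsa, tampered, sig));
        }
    }
}
```

Choosing a different padding here (for example PSS) would change the signature algorithm and its xmldsig URI, so it is not a drop-in substitute for verifying assertions signed with rsa-sha256.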
alex-jitbit commented 2 years ago

I'm not sure this is our code