Hello guys.
From time to time we perform a Veracode security scan of our project's compiled artifacts.
In addition to analyzing our code, it also checks the 3rd-party libraries we use.
The latest scan has identified several security issues related to pubnub-gson-6.4.1.jar.
I would be grateful for your opinion on this.
Here is the list of findings:
CWE-327, Use of a Broken or Risky Cryptographic Algorithm (Medium severity):
It looks like both lines instantiate the class IvParameterSpec, which is considered unsafe.
I would be glad to know what you think of it.
Thank you in advance.
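For triaging a finding like this, an added example (not part of the original post and not PubNub's code) contrasting a constant IV passed to `IvParameterSpec` with a fresh random IV per message. It assumes the finding concerns how the IV is chosen, since the flagged lines are not shown in the post; the class name, key and cipher mode are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvTriageExample {
    static final String ALG = "AES/CBC/PKCS5Padding";
    // Constructed demo key; never hardcode a real key.
    static final SecretKeySpec KEY = new SecretKeySpec(new byte[16], "AES");

    // Pattern a scanner would report: the same IV for every message.
    static byte[] encryptFixedIv(byte[] plain) throws Exception {
        byte[] iv = new byte[16]; // constant all-zero IV (constructed)
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.ENCRYPT_MODE, KEY, new IvParameterSpec(iv));
        return c.doFinal(plain);
    }

    // Hardened: fresh random IV per message, prepended to the ciphertext.
    static byte[] encryptRandomIv(byte[] plain) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.ENCRYPT_MODE, KEY, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Reads the IV back from the first 16 bytes of the message.
    static byte[] decryptRandomIv(byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.DECRYPT_MODE, KEY, new IvParameterSpec(msg, 0, 16));
        return c.doFinal(msg, 16, msg.length - 16);
    }

    public static void main(String[] args) throws Exception {
        byte[] p = "same message".getBytes(StandardCharsets.UTF_8);
        // Fixed IV: identical plaintexts give identical ciphertexts.
        System.out.println(Arrays.equals(encryptFixedIv(p), encryptFixedIv(p)));
        // Random IV: ciphertexts differ, and decryption still round-trips.
        byte[] a = encryptRandomIv(p), b = encryptRandomIv(p);
        System.out.println(Arrays.equals(a, b));
        System.out.println(Arrays.equals(p, decryptRandomIv(a)));
    }
}
```

When reviewing the flagged lines in the library, the question to answer is which of these two patterns the byte array handed to `IvParameterSpec` follows.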