Weak Cryptographic Hashes Being Used In Soft Token App
(Doc ID 2810860.1)
Last updated on MAY 12, 2022
Applies to:
Oracle Banking Digital Experience - Version 20.1.0.0.0 to 21.1.0.0.0 [Release 20 to 21]Information in this document applies to any platform.
Symptoms
ACTUAL BEHAVIOR
---------------
The present cryptographic hashes used in the application are susceptible to attacks and hence have been marked as obsolete as per the latest coding standards.
EXPECTED BEHAVIOR
-----------------------
SA-256 or above to be used to perform one way hashing for better security and integrity of data.
STEPS
-----------------------
There are no steps as such. This is a vulnerability that has been highlighted by the Bank security team.
BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, Bank users feel that the applivcation is vulnerable to attacks.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |