Inadequate Encryption Strength Affecting org.apache.wicket:wicket-core package, versions [,1.5.13) [6.0.0,6.19.0) [7-alpha,7.0.0-M5)


0.0
high
  • Attack Complexity

    Low

  • Confidentiality

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHEWICKET-31016

  • published

    19 Oct 2015

  • disclosed

    19 Oct 2015

  • credit

    Fabian Faessler

Overview

org.apache.wicket:wicket-core Affected versions of the package are vulnerable to Inadequate Encryption Strength. With Wicket's default security settings the usage of CryptoMapper to encrypt/obfuscate pages' urls is not strong enough. It is possible to predict the encrypted version of an url based on the previous history.