Hello, I am a Ph.D. student at Virginia Tech, USA. While working on a security project-related work, we came across the following vulnerability in the source code -
In file https://github.com/apache/lucene-solr/blob/branch_6_6/solr/core/src/java/org/apache/solr/util/CryptoKeys.java <https://github.com/apache/ranger/blob/71e1dd40366c8eb8e9c498b0b5158d85d603af02/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java> (at Line 300) Key Size was set as 1024.

*Security Impact*: < 2048 key size for RSA algorithm makes the system vulnerable to brute-force attack

*Useful resource*: https://rules.sonarsource.com/java/type/Vulnerability/RSPEC-4426

*Solution we suggest*: For RSA algorithm, the key size should be >= 2048

*Please share with us your opinions/comments if there is any*: Is the bug report helpful? Please let us know what you think about the issue. Any feedback will be appreciated.

Thank you,
Md Mahir Asef Kabir
Ph.D. Student
Department of CS
Virginia Tech
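The following is an added example, not code from the original report or from the Solr/Ranger projects. It shows the weak `KeyPairGenerator` setting the report describes (1024 bits) beside the suggested 2048-bit setting, and adds a defensive check that measures the actual RSA modulus length of a key pair rather than trusting the requested size. The class name `RsaKeySizeCheck`, the method names and the `MIN_RSA_BITS` constant are assumptions of this example; only the JDK `java.security` API is used.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;

public class RsaKeySizeCheck {
    // Minimum RSA modulus length (bits) accepted by this example; matches the
    // report's suggestion of >= 2048. Name and value are this example's choice.
    public static final int MIN_RSA_BITS = 2048;

    // Weak setting as described in the report: a 1024-bit RSA key pair.
    public static KeyPair generateWeakKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024);
        return kpg.generateKeyPair();
    }

    // Suggested fix: request a 2048-bit modulus.
    public static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(MIN_RSA_BITS);
        return kpg.generateKeyPair();
    }

    // Measures the real modulus length of the public key. This works for keys
    // generated here and for keys loaded from a keystore or PEM, so it can be
    // used as a guard wherever an RSA key enters the application.
    public static int rsaBitLength(KeyPair kp) {
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        return pub.getModulus().bitLength();
    }

    // Policy check: reject any RSA key whose modulus is shorter than MIN_RSA_BITS.
    public static boolean isAcceptable(KeyPair kp) {
        return rsaBitLength(kp) >= MIN_RSA_BITS;
    }

    public static void main(String[] args) throws Exception {
        KeyPair weak = generateWeakKeyPair();
        KeyPair ok = generateKeyPair();
        System.out.println("1024-bit request -> modulus " + rsaBitLength(weak)
                + " bits, acceptable=" + isAcceptable(weak));
        System.out.println("2048-bit request -> modulus " + rsaBitLength(ok)
                + " bits, acceptable=" + isAcceptable(ok));
    }
}
```

Compile and run with `javac RsaKeySizeCheck.java && java RsaKeySizeCheck`. The check inspects `getModulus().bitLength()` instead of the size passed to `initialize`, because a key that was generated elsewhere and merely loaded by the application carries no record of what was requested; only the modulus itself tells you whether the key meets the policy.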