Use of hard-coded security token reported by a static analysis tool
khaledhikmat opened this issue · comments
Khaled Hikmat commented
Hi, thank you for this library.
I am using it successfully in an enterprise for Kerberos access. Recently our Polaris tool reported use of hard-coded security token
issue with this library in these two files:
- https://github.com/jcmturner/gokrb5/blob/master/v8/crypto/aes128-cts-hmac-sha256-128.go and
- https://github.com/jcmturner/gokrb5/blob/master/v8/crypto/aes256-cts-hmac-sha384-192.go
I am not in a position to fully understand how to remedy this, can you please give me some pointers or justifications about this issue? Thank you.