InformationThe SRP protocol is a public key exchange protocol similar to Diffie-Hellman. The default implementation of the SRPVerifierStore interface is not recommended for a production security environment because it requires all password hash information to be available as a file of serialized objects.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
SolutionApplication developers should not use the default implementation for SRPVerifierStore, and should extend it to avoid the use of serialized password objects.