Topic: SimpleViewer SWF Vulnerabilities

Hi, I ran the Flash file for SimpleViewer against HP SWFScan and received the following vulnerabilities:

SWFScan Vulnerability Report:
a) MD5 Hash Detected
     Fix: The application should only use cryptographically secure hashing algorithms, such as SHA-224, SHA-256, SHA-384, or SHA-512. Hashes representing sensitive data should be salted to reduce the effectiveness of rainbow tables.
b) Debug Messaging
     Fix: Set 'Omit Trace Actions' to 'true'. The Omit Trace Actions flag in Flash development environments tells the compiler to remove any trace commands when creating the compiled SWF file. This will make the published SWF smaller and it will remove any excess information or actions from the SWF.
c) Potentially Interesting Name Encountered
     Fix: Before an application moves into production, make sure it is configured securely, and that information of potential value to an attacker is not being left in your application code. If applicable, remove this information from the production server.
d) Possible Application Information Disclosure
     Fix: Before an application moves into production, make sure it is configured securely, and that information of potential value to an attacker is not being left in your application code. If applicable, remove this information from the production server.

The scan can be found here: https://h30406.www3.hp.com/campaigns/20 … hp?key=swf

One of my clients requires that the HPSWF scan returns a clean result.  Any way the SV team can quickly fix these?  They seem like pretty simple fixes from our end.