cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard B Knoll (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CB-9734) Potentially Insecure use of buggy RNG in SSL on Android
Date Thu, 01 Oct 2015 22:00:27 GMT
Richard B Knoll created CB-9734:
-----------------------------------

             Summary: Potentially Insecure use of buggy RNG in SSL on Android
                 Key: CB-9734
                 URL: https://issues.apache.org/jira/browse/CB-9734
             Project: Apache Cordova
          Issue Type: Bug
          Components: Android, Plugin File Transfer
         Environment: Android
            Reporter: Richard B Knoll


The linter for Android picked up an error in the way the SSLContext is initialized for the
"all trusting" trust manager in FileTransfer.java. For Android 4.3 and below, java.security.SecureRandom
produces insecure RNG. See http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
for an explanation and a fix. I am not sure how big an issue this actually is because it appears
to only affect code that is used for development purposes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message