cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joe Bowser (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CB-9734) Potentially Insecure use of buggy RNG in SSL on Android
Date Mon, 18 Jan 2016 23:06:39 GMT

     [ https://issues.apache.org/jira/browse/CB-9734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Joe Bowser updated CB-9734:
---------------------------
         Labels: Android security  (was: security)
    Component/s:     (was: Android)

> Potentially Insecure use of buggy RNG in SSL on Android
> -------------------------------------------------------
>
>                 Key: CB-9734
>                 URL: https://issues.apache.org/jira/browse/CB-9734
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin File Transfer
>         Environment: Android
>            Reporter: Richard B Knoll
>              Labels: Android, security
>
> The linter for Android picked up an error in the way the SSLContext is initialized for
the "all trusting" trust manager in FileTransfer.java. For Android 4.3 and below, java.security.SecureRandom
produces insecure RNG. See http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
for an explanation and a fix. I am not sure how big an issue this actually is because it appears
to only affect code that is used for development purposes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message