cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jcesarmobile (JIRA)" <>
Subject [jira] [Closed] (CB-12441) RSA algorithm is missing the OAEP padding
Date Thu, 09 Feb 2017 22:34:41 GMT


jcesarmobile closed CB-12441.
    Resolution: Invalid
      Assignee: jcesarmobile

I can't find any occurrence of javax.crypto.Cipher.getInstance on cordova-android or any core

Please, if you are going to continue reporting veracode issues, provide more information like
file names were the vulnerability is or even line numbers if possible.

> RSA algorithm is missing the OAEP padding
> -----------------------------------------
>                 Key: CB-12441
>                 URL:
>             Project: Apache Cordova
>          Issue Type: Bug
>            Reporter: Sahil
>            Assignee: jcesarmobile
> We have used cordova for an android hybrid app edvelopment and found following error
in VARACODE security scan
> Attack Vector: javax.crypto.Cipher.getInstance
> Description: This usage of the RSA algorithm is missing the OAEP padding scheme, which
effectively weakens the encryption.
> Remediation: Use OAEP padding scheme when using RSA algorithm for encryption/decryption.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message