You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Andrew Grieve (JIRA)" <ji...@apache.org> on 2014/11/04 22:01:33 UTC
[jira] [Resolved] (CB-7940) Android's exec() bridge secret should
not allow infinite attempts.
[ https://issues.apache.org/jira/browse/CB-7940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Grieve resolved CB-7940.
-------------------------------
Resolution: Fixed
Fixed in 3.7.0-dev
> Android's exec() bridge secret should not allow infinite attempts.
> ------------------------------------------------------------------
>
> Key: CB-7940
> URL: https://issues.apache.org/jira/browse/CB-7940
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Reporter: Andrew Grieve
> Assignee: Andrew Grieve
> Priority: Minor
>
> The bridge secret is a 31 bit integer that ensures the bridge is exposed only to trusted origins (aka, blocked from malicious iframe content). However, right now a malicious iframe can just keep guessing the secret until it finds it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org