You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cordova.apache.org by "Andrew Grieve (JIRA)" <ji...@apache.org> on 2014/11/04 22:01:33 UTC

[jira] [Resolved] (CB-7940) Android's exec() bridge secret should not allow infinite attempts.

     [ https://issues.apache.org/jira/browse/CB-7940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Grieve resolved CB-7940.
-------------------------------
    Resolution: Fixed

Fixed in 3.7.0-dev

> Android's exec() bridge secret should not allow infinite attempts.
> ------------------------------------------------------------------
>
>                 Key: CB-7940
>                 URL: https://issues.apache.org/jira/browse/CB-7940
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android
>            Reporter: Andrew Grieve
>            Assignee: Andrew Grieve
>            Priority: Minor
>
> The bridge secret is a 31 bit integer that ensures the bridge is exposed only to trusted origins (aka, blocked from malicious iframe content). However, right now a malicious iframe can just keep guessing the secret until it finds it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org