You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Richard B Knoll (JIRA)" <ji...@apache.org> on 2015/10/02 00:00:27 UTC
[jira] [Created] (CB-9734) Potentially Insecure use of buggy RNG in
SSL on Android
Richard B Knoll created CB-9734:
-----------------------------------
Summary: Potentially Insecure use of buggy RNG in SSL on Android
Key: CB-9734
URL: https://issues.apache.org/jira/browse/CB-9734
Project: Apache Cordova
Issue Type: Bug
Components: Android, Plugin File Transfer
Environment: Android
Reporter: Richard B Knoll
The linter for Android picked up an error in the way the SSLContext is initialized for the "all trusting" trust manager in FileTransfer.java. For Android 4.3 and below, java.security.SecureRandom produces insecure RNG. See http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html for an explanation and a fix. I am not sure how big an issue this actually is because it appears to only affect code that is used for development purposes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org