You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cordova.apache.org by "Richard B Knoll (JIRA)" <ji...@apache.org> on 2015/10/02 00:00:27 UTC

[jira] [Created] (CB-9734) Potentially Insecure use of buggy RNG in SSL on Android

Richard B Knoll created CB-9734:
-----------------------------------

             Summary: Potentially Insecure use of buggy RNG in SSL on Android
                 Key: CB-9734
                 URL: https://issues.apache.org/jira/browse/CB-9734
             Project: Apache Cordova
          Issue Type: Bug
          Components: Android, Plugin File Transfer
         Environment: Android
            Reporter: Richard B Knoll


The linter for Android picked up an error in the way the SSLContext is initialized for the "all trusting" trust manager in FileTransfer.java. For Android 4.3 and below, java.security.SecureRandom produces insecure RNG. See http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html for an explanation and a fix. I am not sure how big an issue this actually is because it appears to only affect code that is used for development purposes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org