You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Andrew Grieve (JIRA)" <ji...@apache.org> on 2014/11/04 21:56:34 UTC
[jira] [Created] (CB-7940) Android's exec() bridge secret should
not allow infinite attempts.
Andrew Grieve created CB-7940:
---------------------------------
Summary: Android's exec() bridge secret should not allow infinite attempts.
Key: CB-7940
URL: https://issues.apache.org/jira/browse/CB-7940
Project: Apache Cordova
Issue Type: Bug
Components: Android
Reporter: Andrew Grieve
Assignee: Andrew Grieve
Priority: Minor
The bridge secret is a 31 bit integer that ensures the bridge is exposed only to trusted origins (aka, blocked from malicious iframe content). However, right now a malicious iframe can just keep guessing the secret until it finds it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org