You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cordova.apache.org by "Andrew Grieve (JIRA)" <ji...@apache.org> on 2014/11/04 21:56:34 UTC

[jira] [Created] (CB-7940) Android's exec() bridge secret should not allow infinite attempts.

Andrew Grieve created CB-7940:
---------------------------------

             Summary: Android's exec() bridge secret should not allow infinite attempts.
                 Key: CB-7940
                 URL: https://issues.apache.org/jira/browse/CB-7940
             Project: Apache Cordova
          Issue Type: Bug
          Components: Android
            Reporter: Andrew Grieve
            Assignee: Andrew Grieve
            Priority: Minor


The bridge secret is a 31 bit integer that ensures the bridge is exposed only to trusted origins (aka, blocked from malicious iframe content). However, right now a malicious iframe can just keep guessing the secret until it finds it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org