[jira] [Updated] (CB-9734) Potentially Insecure use of buggy RNG in SSL on Android

Joe Bowser (JIRA) Mon, 18 Jan 2016 15:07:03 -0800

     [ 
https://issues.apache.org/jira/browse/CB-9734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Joe Bowser updated CB-9734:
---------------------------
         Labels: Android security  (was: security)
    Component/s:     (was: Android)

> Potentially Insecure use of buggy RNG in SSL on Android
> -------------------------------------------------------
>
>                 Key: CB-9734
>                 URL: https://issues.apache.org/jira/browse/CB-9734
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin File Transfer
>         Environment: Android
>            Reporter: Richard B Knoll
>              Labels: Android, security
>
> The linter for Android picked up an error in the way the SSLContext is 
> initialized for the "all trusting" trust manager in FileTransfer.java. For 
> Android 4.3 and below, java.security.SecureRandom produces insecure RNG. See 
> http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
>  for an explanation and a fix. I am not sure how big an issue this actually 
> is because it appears to only affect code that is used for development 
> purposes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (CB-9734) Potentially Insecure use of buggy RNG in SSL on Android

Reply via email to