exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apache Cordova Android 3.6.4 BridgeSecret Weak Randomization

Apache Cordova Android 3.6.4 BridgeSecret Weak Randomization
Posted Nov 21, 2015
Authored by Roee Hay, David Kaplan

Apache Cordova Android versions 3.6.4 and below use a bridge that allows the Native Application to communicate with the HTML and Javascript that control the user interface. To protect this bridge on Android, the framework uses a BridgeSecret to protect it from third-party hijacking. However, the BridgeSecret is not sufficiently random and can be determined in certain scenarios.

tags | advisory, javascript
advisories | CVE-2015-5257
SHA-256 | c28802b86c45a140f404d504fd86bad54b63bcda4837aba120ab9c1831ac675a

Apache Cordova Android 3.6.4 BridgeSecret Weak Randomization

Change Mirror Download
===================================================================
CVE-2015-5257: Weak Randomization of BridgeSecret for Apache Cordova Android

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Cordova Android versions up to and including 3.6.4

Description:

Cordova uses a bridge that allows the Native Application to communicate
with the HTML and Javascript that control the user interface. To protect
this bridge on Android, the
framework uses a BridgeSecret to protect it from third-party hijacking.
However, the BridgeSecret is not sufficiently random and can be determined
in certain scenarios.

Upgrade Path:
Developers who are concerned about this issue should rebuild their
applications with Cordova Android 4.1.1 or later. Version 3.7.1 and later
do not contain this vulnerability.

Credit: David Kaplan & Roee Hay, IBM X-Force Application Security Research
Team.
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close