aws-sdk-android icon indicating copy to clipboard operation
aws-sdk-android copied to clipboard

Published 20 hours ago verified publisher icon aws-amplify

Application Uses Insecure Encryption Mechanisms Static analysis revealed the presence of cryptographically weak encryption algorithms.

Open spdeol20 opened this issue 1 year ago • 2 comments
trafficstars

Application Uses Insecure Encryption Mechanisms Static analysis revealed the presence of cryptographically weak encryption algorithms. "RSA/ECB/PKCS1Padding";

spdeol20 avatar Oct 16 '24 14:10 spdeol20

Can you provide the report that claims this?

vincetran avatar Oct 16 '24 16:10 vincetran

BSI organisation tested our app and they raised the issue in your sdk that you using weak encryption so I reported here we using your sdk for cognito and appsync

spdeol20 avatar Oct 17 '24 07:10 spdeol20

Can you please provide detailed analysis to the team so that we can investigate further (as also requested above)?

  • Code snippets
  • Reports that you recieved
  • Claims that the report has made.
  • Suggestions from the report (if any)

The current information we have is not enough for us to further look into the issue.

harsh62 avatar Oct 21 '24 16:10 harsh62

@spdeol20 Specifically when we've seen reports like this, it comes with the report that specifically calls out the class in question with an explanation of what the possible issue would be. The SDKs for Cognito and AppSync are large so we need more details in order to investigate.

vincetran avatar Oct 23 '24 17:10 vincetran

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.

github-actions[bot] avatar Jan 14 '25 14:01 github-actions[bot]