A-Amyan

Results 11 issues of A-Amyan

Insecure use of (Insecure cipher mode: ECB) in EncryptionManager.java

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in _EncryptionManager.java_ at lines {911, 923}, which can lead to an attack (e.g., Codebook attack...

Insecure use of (Constant salt in KDF: hardcoded salt) in ClientFactory.java

1 comment

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in ClientFactory.java at line {464}, which can lead to an attack (e.g., Collisions and precomputation...

Insecure use of (Use of weak algorithms: DES, Blowfish, RC2, IDEA) in symmetricAlgTest.java

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in symmetricAlgTest.java at line {72}, which can lead to an attack (e.g., Exhaustive key search...

Insecure use of (Insecure cipher mode: ECB) in symmetricEncryption.java

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in symmetricEncryption.java at lines {35, 49}, which can lead to an attack (e.g., Codebook attack...

Insecure use of (Hard-coded keys: embedding key material) in symmetricEncryption.java

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in _symmetricEncryption.java_ at lines {36, 50}, which can lead to an attack (e.g., Trivial brute-forcing...

Insecure use of (Insecure IV usage: constant IV) in symmetricEncryption.java

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in symmetricEncryption.java at lines {40, 54}, which can lead to an attack (e.g., Semantic security...

Insecure use of (Insecure cipher mode: ECB) in Utils.java

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in _Utils.java_, Cipher at lines {986, 1002}, which can lead to an attack (e.g., Codebook...

Insecure use of (Hard-coded keys: embedding AES key) in CryptixAESEngine.java

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in _CryptixAESEngine.java_ at line {52}, which can lead to an attack (e.g., Key extraction via...

Insecure use of (Insecure IV usage: constant IV) in CryptixAESEngine.java

1 comment

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in _CryptixAESEngine.java_ at line {53}, which can lead to an attack (e.g., Semantic security is...

Insecure use of (Hard-coded keys: embedding JWT secret in test) in JwtTokenTest.java

1 comment

We are a German research group investigating the misuse of cryptographic APIs. We found vulnerabilities in _JwtTokenTest.java_ at line {28}, which can lead to an attack (e.g., Trivial brute-forcing or...