microsoft-authentication-library-for-android

Asymmetric cipher with insecure padding used in android kotlin

Open vinaykumarIndia opened this issue 11 months ago • 2 comments

Describe the bug

  • I have implemented com.microsoft.identity.client:msal library:5.8.2 in Android Kotlin. I got a high security issue while testing our APK:
  • The app uses the RSA algorithm without Optimal Asymmetric Encryption Padding (OAEP), which weakens the encryption and, therefore, makes it easier for the attackers to decrypt the data.
    [Screenshots: "Screenshot 2025-01-03 at 11 14 27 AM", "Screenshot 2025-01-03 at 11 14 43 AM"]
  • RSA encrypts the provided data deterministically. It means that when the same message and encryption key are used as input, the algorithm produces the same output ciphertext every time:

Smartphone (please complete the following information):

  • Android Version: 28+
  • MSAL Version - 5.8.2

vinaykumarIndia, Jan 03 '25 05:01
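
The property this finding concerns, as an added example (not code from MSAL or from this issue): it encrypts one constructed message twice under a freshly generated RSA key with each `Cipher` transformation and reports whether the two ciphertexts are identical. The transformation strings are standard JCA names chosen for illustration; the page does not say which one the scanner flagged.

```kotlin
import java.security.KeyPairGenerator
import java.security.PublicKey
import java.security.spec.MGF1ParameterSpec
import javax.crypto.Cipher
import javax.crypto.spec.OAEPParameterSpec
import javax.crypto.spec.PSource

// Encrypt `data` with the given JCA transformation. For OAEP the parameters are
// set explicitly so that both the OAEP digest and the MGF1 digest are SHA-256
// instead of relying on provider defaults.
fun encrypt(transformation: String, key: PublicKey, data: ByteArray): ByteArray {
    val cipher = Cipher.getInstance(transformation)
    if (transformation.contains("OAEP", ignoreCase = true)) {
        val spec = OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT
        )
        cipher.init(Cipher.ENCRYPT_MODE, key, spec)
    } else {
        cipher.init(Cipher.ENCRYPT_MODE, key)
    }
    return cipher.doFinal(data)
}

// True when two encryptions of the same message under the same key are byte-identical.
fun isDeterministic(transformation: String, key: PublicKey, data: ByteArray): Boolean =
    encrypt(transformation, key, data).contentEquals(encrypt(transformation, key, data))

fun main() {
    // Throwaway key pair and message, constructed for this example only.
    val keyPair = KeyPairGenerator.getInstance("RSA").apply { initialize(2048) }.generateKeyPair()
    val message = "constructed sample message".toByteArray()

    val transformations = listOf(
        "RSA/ECB/NoPadding",                     // raw RSA, no padding at all
        "RSA/ECB/PKCS1Padding",                  // PKCS#1 v1.5 encryption padding
        "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"  // OAEP
    )
    for (t in transformations) {
        println("$t deterministic=${isDeterministic(t, keyPair.public, message)}")
    }
}
```

Unpadded RSA yields identical ciphertexts for identical input, while PKCS#1 v1.5 and OAEP both add random padding, so their ciphertexts differ on every call.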

@vinaykumarIndia - could you please share more data on the references to Google Tink library here in this scenario?

HanishaChowdary, Jan 17 '25 06:01

@vinaykumarIndia Can you tell us more about the security issues / warnings you are getting? Which tool is generating these warnings? Is it inside Play Console, or some custom tool?

shahzaibj, Jan 23 '25 18:01