RxFingerprint icon indicating copy to clipboard operation
RxFingerprint copied to clipboard

Published 20 hours ago verified publisher icon Mauin

ANDROID KEYSTORE WITHOUT PASSCODE in CipherProvider class

Open sachinmandhare1990 opened this issue 3 years ago • 1 comments

the application makes use of a Keystore with no passcode set. Android KeyStores can be configured to require a password or passphrase before granting access to its contents. The configuration means that should attackers gain control of the device they may be able to extract any secret keys embedded in the application.

sachinmandhare1990 avatar May 28 '21 08:05 sachinmandhare1990

the application makes use of a Keystore with no passcode set. Android KeyStores can be configured to require a password or passphrase before granting access to its contents. The configuration means that should attackers gain control of the device they may be able to extract any secret keys embedded in the application.

Can you please provide steps to reproduce your attack and show any impact?

man3kin3ko avatar Mar 17 '23 15:03 man3kin3ko