aws-sdk-android

Weak Hash APIs and Insecure Random Functions

Open agnihotriayush opened this issue 3 years ago • 0 comments

Which AWS Services is the feature request for?

com.amazonaws:aws-android-sdk-s3:2.7.+

Is your feature request related to a problem? Please describe.

The Android application was found to use various dangerous and insecure functions as well as APIs. The following affected APIs and functions are listed below:

- Weak hash APIs: AWS was found to be using MD5. These standards are no longer regarded as secure.
- Insecure Random Functions: AWS was found to be using java.util.Random. Use of these functions is not cryptographically secure for generating pseudorandom numbers.

Weak Hash APIs

- com/amazonaws/services/s3/internal/MD5DigestCalculatingInputStream.java
- com/amazonaws/services/s3/AmazonS3Client.java
- com/amazonaws/util/Md5Utils.java

Insecure Random Functions

- com/amazonaws/retry/PredefinedRetryPolicies.java

Describe the solution you'd like

Investigate whether or not these dangerous functions are employed in a way where buffer overflow conditions will be allowed. Switch to alternate and secure functions and stronger hashing algorithms.

agnihotriayush, Sep 23 '22 10:09
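
A minimal source scan for the two finding classes this issue names (MD5 via `MessageDigest` and `java.util.Random`), added here as an example and not code from the issue author or the AWS SDK. The rule names, the `scan` and `strip_comments` helpers and the sample Java source are constructed for illustration.

```python
import re

# One rule per finding class named in the issue (rule names are illustrative).
RULES = {
    # JCA algorithm names are case-insensitive, so "md5" is matched as well.
    "weak-hash": re.compile(r'MessageDigest\s*\.\s*getInstance\s*\(\s*"(?i:MD5)"'),
    # Matches java.util.Random only; "new SecureRandom(" does not match.
    "insecure-random": re.compile(
        r"\bimport\s+java\.util\.Random\s*;|\bnew\s+(?:java\.util\.)?Random\s*\("),
}

# Literals are tokenized so "//" inside a URL string is not read as a comment.
# Comments are blanked but newlines kept, so reported line numbers stay correct.
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\\n])*"'
    r"|'(?:\\.|[^'\\\n])*'"
    r"|//[^\n]*|/\*.*?\*/",
    re.S,
)

def strip_comments(src):
    def keep_or_blank(m):
        tok = m.group(0)
        return tok if tok[0] in "\"'" else re.sub(r"[^\n]", " ", tok)
    return _TOKEN.sub(keep_or_blank, src)

def scan(path, src):
    """Return (path, line, rule) for each rule hit outside comments."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((path, lineno, rule))
    return findings

# Constructed sample input, not taken from the SDK.
SAMPLE = '''\
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Random;
class Demo {
    // MessageDigest.getInstance("MD5") appears here in a comment only
    byte[] weak(byte[] b) throws Exception { return MessageDigest.getInstance("MD5").digest(b); }
    byte[] strong(byte[] b) throws Exception { return MessageDigest.getInstance("SHA-256").digest(b); }
    int jitter() { return new Random().nextInt(100); }
    int token() { return new SecureRandom().nextInt(); }
    String url = "http://example.invalid/x"; // new Random()
}
'''
```

A hit only locates the API call; whether that use is security-sensitive still has to be decided by reviewing the calling code.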