i2p.i2p icon indicating copy to clipboard operation
i2p.i2p copied to clipboard

Published 20 hours ago verified publisher icon i2p

2 uses of risky/ broken cryptograhic alogrithm CVE

Open s-b-repo opened this issue 2 years ago • 3 comments

line #22 // a NoSuchAlgorithmException } catch (NoSuchMethodError nsme) { // JamVM, gij try { Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");

The CBC mode used in javax.crypto.Cipher.getInstance does not provide integrity. Consided using Galois/Counter Mode. [‎core/java/src/net/i2p/crypto/CryptoCheck.java]

line 272 private Cipher acquire() { Cipher rv = _ciphers.poll(); if (rv == null) { try { rv = Cipher.getInstance("AES/CBC/NoPadding");

The CBC mode used in javax.crypto.Cipher.getInstance does not provide integrity. Consided using Galois/Counter Mode. [‎core/java/src/net/i2p/crypto/CryptixAESEngine.java]

s-b-repo avatar Oct 17 '23 21:10 s-b-repo

Worth a look. Can you please identify the tool you've been using? I need to see what it's actually looking for.

eyedeekay avatar Oct 18 '23 00:10 eyedeekay

snyk make a fork

s-b-repo avatar Oct 18 '23 02:10 s-b-repo

Worth a look. Can you please identify the tool you've been using? I need to see what it's actually looking for.

it uses code analysis

s-b-repo avatar Oct 19 '23 18:10 s-b-repo