passport-reader icon indicating copy to clipboard operation
passport-reader copied to clipboard

Published 20 hours ago verified publisher icon tananaev

Cryptographic APIs misuses

Open misterAnderson90 opened this issue 2 years ago • 0 comments

I'm a PhD student interested in finding security vulnerabilities in open source projects.

We found a total of 48 warnings (indicating potential vulnerabilities) when running the CogniCrypt static analyzer (*) on e-Passport NFC Reader (or its library dependencies). We documented each one of these issues in private gists for the sake of confidentiality (non-disclosure).

Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve e-Passport NFC Reader's security, and the quality of the reports of static analysis tools.

(*) https://github.com/CROSSINGTUD/CryptoAnalysis

misterAnderson90 avatar May 05 '22 21:05 misterAnderson90