[CB-7940] Android's exec() bridge secret should not allow infinite attempts. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: cordova-android
Labels:
None

Description

The bridge secret is a 31 bit integer that ensures the bridge is exposed only to trusted origins (aka, blocked from malicious iframe content). However, right now a malicious iframe can just keep guessing the secret until it finds it.

Attachments

Activity

People

Assignee:: Andrew Grieve

Reporter:: Andrew Grieve

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Nov/14 20:56

Updated:: 23/Aug/18 07:18

Resolved:: 04/Nov/14 21:00