Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 2.0.9, 3.0.0 PDFBox
- None
- None
Description
Rumen Paletov created the following issue for Android-Pdfbox on GitHub:
As part of some research about the common crypto mistakes that developers make, I noticed that your application has one of them.
In StandardSecurityHandler.prepareEncryptionDictRev6 you're initializing Cipher instances with a static IV of 0s which is insecure. More details about this issue and how to fix it are available here.
This is true for "our" PDFBox as well.
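
The pattern the report describes, as an added example that is not PDFBox code and not part of the original issue: AES in CBC mode with an all-zero IV is deterministic, so repeated or prefix-sharing plaintexts under one key produce matching ciphertext blocks, while a fresh random IV per encryption removes that link. The class name, key and sample messages are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class StaticIvDemo {
    // AES/CBC encryption with a caller-supplied IV (the pattern under discussion).
    static byte[] encrypt(byte[] key, byte[] iv, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return cipher.doFinal(plaintext);
    }

    // Hardened form: fresh random IV per message, prepended so the reader can decrypt.
    static byte[] encryptWithRandomIv(byte[] key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        byte[] ct = encrypt(key, iv, plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];                 // constructed sample AES-256 key
        new SecureRandom().nextBytes(key);
        byte[] zeroIv = new byte[16];              // static IV of 0s

        // Constructed messages: identical first block, different second block.
        byte[] a = new byte[32];
        byte[] b = new byte[32];
        Arrays.fill(a, (byte) 0x41);
        Arrays.fill(b, (byte) 0x41);
        b[31] = 0x42;

        byte[] ca1 = encrypt(key, zeroIv, a);
        byte[] ca2 = encrypt(key, zeroIv, a);
        byte[] cb = encrypt(key, zeroIv, b);
        System.out.println("static IV, same message, same ciphertext: " + Arrays.equals(ca1, ca2));
        System.out.println("static IV, shared prefix visible in block 1: "
                + Arrays.equals(Arrays.copyOf(ca1, 16), Arrays.copyOf(cb, 16)));

        byte[] r1 = encryptWithRandomIv(key, a);
        byte[] r2 = encryptWithRandomIv(key, a);
        System.out.println("random IV, same message, same ciphertext: " + Arrays.equals(r1, r2));
    }
}
```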