Closed krishnapatait closed 1 year ago
That request code is not used to secure any private information. Braze Intents are secured via explicit package class assignment, as per Android recommendations.
Thus the "insecure cryptography" error does not apply here. Usually tools will just see random and flag it, but they are not sophisticated enough to understand the usage.
Braze Android SDK Version
23.0.1
Steps To Reproduce
CWE: CWE-330: Use of Insufficiently Random Values
OWASP Top 10: M5: Insufficient Cryptography
OWASP MASVS: MSTG-CRYPTO-6
Expected Behavior
Secure randomisation should be used.
Actual Incorrect Behavior
Insecure randomization is used.
Verbose Logs
Additional Information
We need to resolve this as soon as possible.
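The distinction drawn in the maintainer's reply, as an added example for triaging a CWE-330 finding (this is not Braze SDK code and not part of the original thread): a request code that only tells PendingIntents apart can come from a non-cryptographic generator, because delivery is restricted by the explicit component, while a value that must be unguessable needs `SecureRandom`. `RequestCodeExample`, `ExampleReceiver` and `newSessionToken` are hypothetical names.

```java
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import java.security.SecureRandom;
import java.util.Random;

// Hypothetical illustration; none of these names come from the Braze SDK.
public final class RequestCodeExample {

    // Hypothetical receiver, declared here only so the example is complete.
    public static final class ExampleReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            // Handle the delivered intent.
        }
    }

    // Non-security use: the request code only distinguishes one PendingIntent
    // from another inside this app. Predicting it grants no access.
    private static final Random REQUEST_CODES = new Random();

    // Security use: a value that must be unguessable needs a CSPRNG.
    private static final SecureRandom TOKENS = new SecureRandom();

    static PendingIntent buildPendingIntent(Context context) {
        // Explicit intent: the target is fixed by package and class, so the
        // system delivers it to ExampleReceiver and to no other component.
        Intent intent = new Intent(context, ExampleReceiver.class);
        int requestCode = REQUEST_CODES.nextInt();
        // FLAG_IMMUTABLE (API 23+) stops the holder of the PendingIntent from
        // modifying the wrapped Intent before sending it.
        return PendingIntent.getBroadcast(context, requestCode, intent,
                PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT);
    }

    // Contrast case where a scanner flag on java.util.Random would be a real
    // finding: secrets such as tokens must come from SecureRandom.
    static byte[] newSessionToken() {
        byte[] token = new byte[32];
        TOKENS.nextBytes(token);
        return token;
    }
}
```

When reviewing a scanner hit, the question to answer is whether anything depends on the value being unpredictable; if the only consumer is an identifier such as the request code above, the finding can be closed as a false positive.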