Mobile wallet parses unencrypted messages

MyHush / SilentDragonAndroid

Android companion app for SilentDragon

https://www.myhush.org

GNU General Public License v3.0

5 stars 12 forks source link

Mobile wallet parses unencrypted messages #69

Open leto opened 4 years ago

leto commented 4 years ago

TOB-ZEC-002 from https://github.com/trailofbits/publications/blob/master/reviews/zecwallet.pdf

Fix:

the parseResponse function should be split into two functions: a function
which performs decryption of the payload, and a function which parses decrypted
payloads. This way, encryption will always be expected.