aws-amplify / aws-sdk-android

AWS SDK for Android. For more information, see our web site:
https://docs.amplify.aws

Application Uses Insecure Encryption Mechanisms Static analysis revealed the presence of cryptographically weak encryption algorithms. #3644

Open spdeol20 opened 1 week ago

spdeol20 commented 1 week ago

Application Uses Insecure Encryption Mechanisms. Static analysis revealed the presence of cryptographically weak encryption algorithms: "RSA/ECB/PKCS1Padding".

vincetran commented 1 week ago

Can you provide the report that claims this?

spdeol20 commented 1 week ago

BSI organisation tested our app and they raised the issue in your SDK that you are using weak encryption, so I reported it here. We are using your SDK for Cognito and AppSync.

harsh62 commented 5 days ago

Can you please provide a detailed analysis to the team so that we can investigate further (as also requested above)?

The current information we have is not enough for us to further look into the issue.

vincetran commented 3 days ago

@spdeol20 Specifically, when we've seen reports like this, they come with the report that specifically calls out the class in question, with an explanation of what the possible issue would be. The SDKs for Cognito and AppSync are large, so we need more details in order to investigate.