Open spdeol20 opened 1 week ago
Can you provide the report that claims this?
BSI organisation tested our app and they raised the issue in your SDK that you are using weak encryption, so I reported it here. We are using your SDK for Cognito and AppSync.
Can you please provide detailed analysis to the team so that we can investigate further (as also requested above)?
The current information we have is not enough for us to further look into the issue.
@spdeol20 Specifically, when we've seen reports like this, it comes with the report that specifically calls out the class in question with an explanation of what the possible issue would be. The SDKs for Cognito and AppSync are large, so we need more details in order to investigate.
Application Uses Insecure Encryption Mechanisms
Static analysis revealed the presence of cryptographically weak encryption algorithms. "RSA/ECB/PKCS1Padding";