megahealth / TestBleLib

Android megablelibopen.aar Demo usage

Security Assessment Failed: ECB mode in Cryptographic encryption algorithm #6

Open jayfar opened 6 months ago

jayfar commented 6 months ago

When performing a security assessment scan of our application, which uses your SDK, this vulnerability was found:

The App uses ECB mode in Cryptographic encryption algorithm. ECB mode is known to be weak as it results in the same ciphertext for identical blocks of plaintext.

CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP Top 10: M5: Insufficient Cryptography
OWASP MASVS: MSTG-CRYPTO-2

Found in: io/mega/megablelib/UtilsCrypt.java in megablelibopen-1.6.25.aar

Can this get fixed allowing our app to pass the scans?

Note: This is related to another previously posted security assessment scan result found here: https://github.com/megahealth/TestBleLib/issues/2,
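As an added example, not part of this issue thread and not the SDK's UtilsCrypt.java, the following stand-alone Java program shows what the scanner is objecting to and what a fix typically looks like. It encrypts a constructed 64-byte plaintext made of four identical 16-byte blocks once with AES/ECB (the flagged pattern) and once with AES/GCM using a fresh random 96-bit nonce per message, then counts distinct ciphertext blocks and checks whether encrypting the same input twice yields the same output. The class name, key and plaintext are illustrative assumptions; the JCE cipher strings used are standard Java/Android ones.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical demo class (not the SDK's code): ECB weakness beside an AES-GCM replacement.
public class EcbVsGcmDemo {
    private static final int GCM_IV_BYTES = 12;   // 96-bit nonce, the recommended GCM size
    private static final int GCM_TAG_BITS = 128;  // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    // The pattern the scanner flags: ECB has no IV, so equal plaintext blocks
    // always produce equal ciphertext blocks under the same key.
    static byte[] encryptEcb(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plaintext);
    }

    // Replacement: AES-GCM with a fresh random nonce per message; the nonce is
    // prepended to the ciphertext so the receiver can recover it.
    static byte[] encryptGcm(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[GCM_IV_BYTES];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext); // ciphertext followed by the 16-byte tag
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Splits off the nonce and decrypts; doFinal throws AEADBadTagException if
    // the ciphertext or tag was modified in transit.
    static byte[] decryptGcm(SecretKey key, byte[] ivAndCt) throws GeneralSecurityException {
        byte[] iv = Arrays.copyOfRange(ivAndCt, 0, GCM_IV_BYTES);
        byte[] ct = Arrays.copyOfRange(ivAndCt, GCM_IV_BYTES, ivAndCt.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        return c.doFinal(ct);
    }

    // Counts distinct 16-byte blocks; repeated ciphertext blocks are the ECB leak.
    static int distinctBlocks(byte[] data) {
        Set<String> seen = new HashSet<>();
        for (int i = 0; i + 16 <= data.length; i += 16) {
            seen.add(Arrays.toString(Arrays.copyOfRange(data, i, i + 16)));
        }
        return seen.size();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed demo inputs (not values from the SDK): a random 128-bit key
        // and a plaintext consisting of the same 16-byte block repeated four times.
        byte[] keyBytes = new byte[16];
        RNG.nextBytes(keyBytes);
        SecretKey key = new SecretKeySpec(keyBytes, "AES");
        byte[] block = "ABCDEFGHIJKLMNOP".getBytes(StandardCharsets.US_ASCII);
        byte[] plaintext = new byte[64];
        for (int i = 0; i < 4; i++) {
            System.arraycopy(block, 0, plaintext, i * 16, 16);
        }

        byte[] ecb = encryptEcb(key, plaintext);
        byte[] gcm = encryptGcm(key, plaintext);

        // ECB: the four identical plaintext blocks collapse to one repeated ciphertext block.
        System.out.println("ECB distinct blocks in first 64 bytes: "
                + distinctBlocks(Arrays.copyOf(ecb, 64)));
        // GCM: every block is masked by a different counter value, so all four differ.
        System.out.println("GCM distinct blocks in first 64 ciphertext bytes: "
                + distinctBlocks(Arrays.copyOfRange(gcm, GCM_IV_BYTES, GCM_IV_BYTES + 64)));
        // ECB is deterministic across calls; GCM with a fresh nonce is not.
        System.out.println("ECB repeats across calls: " + Arrays.equals(ecb, encryptEcb(key, plaintext)));
        System.out.println("GCM repeats across calls: " + Arrays.equals(gcm, encryptGcm(key, plaintext)));
        // The GCM output still decrypts back to the original.
        System.out.println("GCM round trip ok: " + Arrays.equals(plaintext, decryptGcm(key, gcm)));
    }
}
```

Compile and run with `javac EcbVsGcmDemo.java && java EcbVsGcmDemo`. The design point for a fix in a BLE SDK is that the nonce must never repeat under the same key: a random 96-bit nonce per message is adequate for the message volumes a phone-to-device link sees, and the receiver must treat a failed tag check as a hard error rather than using the partially decrypted data.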