Open subukamath opened 4 years ago
I ran into this issue as well. I made a fix that updates to OAEPPadding: https://github.com/mibrito707/cordova-plugin-secure-storage-echo/commit/14ca6a5b20fe5d22937b22250665482b3d7e953e, but the caveat is that this will cause problems for Android < 23 as per https://developer.android.com/training/articles/keystore#SupportedCiphers. Some work is needed to make sure it keeps working on those lower APIs, but then again, it will probably still trigger the vulnerability scan if you do that.
We use this library in our Android app. A Veracode vulnerability scan reported the issue below in this library.
http://cwe.mitre.org/data/definitions/780.html CWE-780: Use of RSA Algorithm without OAEP
The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
File - AbstractRSA.java
```java
private Cipher getCipher() {
    try {
        return Cipher.getInstance("RSA/ECB/PKCS1Padding");
    } catch (Exception e) {
        return null;
    }
}
```
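An added example, not code from the plugin or from either poster: a plain-JVM sketch (standard JCA with a software-generated key, not Android Keystore) of the flagged transformation beside an OAEP one with pinned parameters. It goes one step past the report by showing that an entry already encrypted under PKCS#1 v1.5 does not decrypt as OAEP and has to be re-encrypted after the switch. The class `OaepExample`, the helper `cipher`, the MGF1 digest choice and the sample plaintext are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepExample {  // hypothetical class, not part of the plugin
    static final String LEGACY = "RSA/ECB/PKCS1Padding";  // transformation flagged as CWE-780
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Pin the OAEP parameters explicitly rather than relying on provider defaults.
    // MGF1 over SHA-1 is an assumption here; use what both sides support.
    static final OAEPParameterSpec OAEP_SPEC = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    // Hypothetical helper: unlike a getCipher() that returns null, errors propagate.
    static Cipher cipher(String transformation, int mode, Key key)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(transformation);
        if (OAEP.equals(transformation)) {
            c.init(mode, key, OAEP_SPEC);
        } else {
            c.init(mode, key);
        }
        return c;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] secret = "constructed sample value".getBytes(StandardCharsets.UTF_8);
        // An entry as stored by the old code path.
        byte[] legacyCt = cipher(LEGACY, Cipher.ENCRYPT_MODE, kp.getPublic()).doFinal(secret);
        try {
            cipher(OAEP, Cipher.DECRYPT_MODE, kp.getPrivate()).doFinal(legacyCt);
            System.out.println("legacy ciphertext unexpectedly decrypted as OAEP");
        } catch (GeneralSecurityException e) {
            System.out.println("legacy ciphertext rejected under OAEP: " + e.getClass().getSimpleName());
        }
        // Migration: decrypt once with the old padding, then store again under OAEP.
        byte[] plain = cipher(LEGACY, Cipher.DECRYPT_MODE, kp.getPrivate()).doFinal(legacyCt);
        byte[] oaepCt = cipher(OAEP, Cipher.ENCRYPT_MODE, kp.getPublic()).doFinal(plain);
        byte[] back = cipher(OAEP, Cipher.DECRYPT_MODE, kp.getPrivate()).doFinal(oaepCt);
        System.out.println("re-encrypted entry round-trips: " + Arrays.equals(secret, back));
    }
}
```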