Andreas Lehmkühler created PDFBOX-4191:

             Summary: Initialization vectors should be randomly generated for 
proper security guarantees
                 Key: PDFBOX-4191
             Project: PDFBox
          Issue Type: Bug
          Components: Crypto
    Affects Versions: 2.0.9, 3.0.0 PDFBox
            Reporter: Andreas Lehmkühler
            Assignee: Andreas Lehmkühler

Rumen Paletov creates the following issue for Android-Pdfbox on github:
As part of some research about the [common crypto mistakes that developers 
 I noticed that your application has one of them.

In StandardSecurityHandler.prepareEncryptionDictRev6 you're initializing Cipher 
instances with a static IV of 0s which is insecure. More details about this 
issue and how to fix it are available 

This is true for "our" PDFBox as well

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to