[
https://issues.apache.org/jira/browse/CB-7940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14200889#comment-14200889
]
ASF subversion and git services commented on CB-7940:
-----------------------------------------------------
Commit 032ea8a8d386d8bcffc5de7fd3e4202478effb7d in cordova-android's branch
refs/heads/4.0.x from [~agrieve]
[ https://git-wip-us.apache.org/repos/asf?p=cordova-android.git;h=032ea8a ]
CB-7940 Disable exec bridge if bridgeSecret is wrong
> Android's exec() bridge secret should not allow infinite attempts.
> ------------------------------------------------------------------
>
> Key: CB-7940
> URL: https://issues.apache.org/jira/browse/CB-7940
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Reporter: Andrew Grieve
> Assignee: Andrew Grieve
> Priority: Minor
>
> The bridge secret is a 31 bit integer that ensures the bridge is exposed only
> to trusted origins (aka, blocked from malicious iframe content). However,
> right now a malicious iframe can just keep guessing the secret until it finds
> it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
