[
https://issues.apache.org/jira/browse/CB-7940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14222134#comment-14222134
]
ASF subversion and git services commented on CB-7940:
-----------------------------------------------------
Commit db508a2ce804747b783b5ae200525bf2ffd7fe02 in cordova-amazon-fireos's
branch refs/heads/master from [~agrieve]
[ https://git-wip-us.apache.org/repos/asf?p=cordova-amazon-fireos.git;h=db508a2
]
CB-7940 Disable exec bridge if bridgeSecret is wrong
> Android's exec() bridge secret should not allow infinite attempts.
> ------------------------------------------------------------------
>
> Key: CB-7940
> URL: https://issues.apache.org/jira/browse/CB-7940
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Reporter: Andrew Grieve
> Assignee: Andrew Grieve
> Priority: Minor
>
> The bridge secret is a 31 bit integer that ensures the bridge is exposed only
> to trusted origins (aka, blocked from malicious iframe content). However,
> right now a malicious iframe can just keep guessing the secret until it finds
> it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
