[
https://issues.apache.org/jira/browse/CB-9734?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
jcesarmobile closed CB-9734.
----------------------------
Resolution: Fixed
This was fixed long time ago, probably in a duplicate issue and we missed this
one.
Anyway, the plugin has been deprecated.
Read the blog post about the alternatives
https://cordova.apache.org/blog/2017/10/18/from-filetransfer-to-xhr2.html
> Potentially Insecure use of buggy RNG in SSL on Android
> -------------------------------------------------------
>
> Key: CB-9734
> URL: https://issues.apache.org/jira/browse/CB-9734
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-plugin-file-transfer (DEPRECATED)
> Environment: Android
> Reporter: Richard B Knoll
> Priority: Major
> Labels: Android, security
>
> The linter for Android picked up an error in the way the SSLContext is
> initialized for the "all trusting" trust manager in FileTransfer.java. For
> Android 4.3 and below, java.security.SecureRandom produces insecure RNG. See
> http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
> for an explanation and a fix. I am not sure how big an issue this actually
> is because it appears to only affect code that is used for development
> purposes.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
