============================ Summary: ========= Application: Vipps by DNB Operating system: Android Versions affected: 1.1.33, 1.2.18, 1.2.20, 1.2.44 and 1.2.45 Non-vulnerable version: 1.3.0 Bugs: Cryptographic issues Vendor notification: 16.02.2016 Vendor fix: 29.02.2016 Author: Gunnar Alendal, alendal (at) nym.hush.com General description: ==================== The mobile app Vipps for Android has two cryptographic issues regarding generation of AES key material used to protect data in transit. Vipps generates AES keys used for various encryption needs. This is done in a non-standard way, reducing the strength of the key material expected in AES encryption. Vulnerability 1 - poor choice of PRNG: ============================= Description:
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment