Improper Random Value Generation in Apache Cordova-Android
CVE-2015-8320

Currently unrated

Key Information:

Vendor: Apache
Status: Cordova
Vendor: CVE Published:; 23 November 2015

Summary

Apache Cordova-Android versions prior to 3.7.0 fail to adequately generate random values for the BridgeSecret data. This inadequate randomization can lead to vulnerabilities where attackers may predict these values, subsequently enabling them to conduct bridge hijacking attacks. Ensuring the integrity of the BridgeSecret is crucial for the security of applications built with Apache Cordova.

References

http://www.securityfocus.com/bid/77679

vdb-entryx_refsource_BID

https://cordova.apache.org/announcements/2015/11/20/secur...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/134496/Apache-Cordov...

x_refsource_MISC

Timeline

Vulnerability published
Nov 23, 2015
Vulnerability Reserved
Nov 22, 2015