Bug #1683: The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks. - Dr.Carrot Mobile - Redmine

Actions

Copy link

Bug #1683

open

Support #1680: Mobsf - Security Issuse

The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

Added by Misbha G 5 months ago. Updated 5 months ago.

Status:

In Progress

Priority:

Urgent

Assignee:

Elangovan M

Start date:

07/11/2025

Due date:

% Done:

Estimated time:

Description

Fix the following issue

"The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
p/AbstractC3531i.java, line(s) 107"

History
Property changes

Actions

Copy link

Updated by Elangovan M 5 months ago

Status changed from New to In Progress

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Dr.Carrot Mobile

Bug #1683

The App uses the encryption mode CBC with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.

Updated by Elangovan M 5 months ago