Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Application Uses Insecure Encryption Mechanisms Static analysis revealed the presence of cryptographically weak encryption algorithms. #3644

Open
spdeol20 opened this issue Oct 16, 2024 · 4 comments
Labels
question General question

Comments

@spdeol20
Copy link

Application Uses Insecure Encryption Mechanisms Static analysis revealed the presence of cryptographically weak encryption algorithms.
"RSA/ECB/PKCS1Padding";

@github-actions github-actions bot added pending-triage Issue is pending triage pending-maintainer-response Issue is pending response from an Amplify team member labels Oct 16, 2024
@vincetran
Copy link
Member

Can you provide the report that claims this?

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Oct 16, 2024
@spdeol20
Copy link
Author

BSI organisation tested our app and they raised the issue in your sdk that you using weak encryption so I reported here
we using your sdk for cognito and appsync

@github-actions github-actions bot added the pending-maintainer-response Issue is pending response from an Amplify team member label Oct 17, 2024
@harsh62
Copy link
Member

harsh62 commented Oct 21, 2024

Can you please provide detailed analysis to the team so that we can investigate further (as also requested above)?

  • Code snippets
  • Reports that you recieved
  • Claims that the report has made.
  • Suggestions from the report (if any)

The current information we have is not enough for us to further look into the issue.

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Oct 21, 2024
@vincetran
Copy link
Member

@spdeol20 Specifically when we've seen reports like this, it comes with the report that specifically calls out the class in question with an explanation of what the possible issue would be. The SDKs for Cognito and AppSync are large so we need more details in order to investigate.

@vincetran vincetran added the question General question label Oct 23, 2024
@github-actions github-actions bot removed the pending-triage Issue is pending triage label Oct 23, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
question General question
Projects
None yet
Development

No branches or pull requests

3 participants