Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Application Uses Insecure Encryption Mechanisms Static analysis revealed the presence of cryptographically weak encryption algorithms. #3644

Closed
spdeol20 opened this issue Oct 16, 2024 · 5 comments
Closed

Application Uses Insecure Encryption Mechanisms Static analysis revealed the presence of cryptographically weak encryption algorithms. #3644

spdeol20 opened this issue Oct 16, 2024 · 5 comments
Labels
question General question

Comments

@spdeol20
Copy link

Application Uses Insecure Encryption Mechanisms Static analysis revealed the presence of cryptographically weak encryption algorithms.
"RSA/ECB/PKCS1Padding";
@github-actions github-actions bot added pending-triage Issue is pending triage pending-maintainer-response Issue is pending response from an Amplify team member labels Oct 16, 2024
@vincetran
Copy link
Member

Can you provide the report that claims this?

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Oct 16, 2024
@spdeol20
Copy link
Author

BSI organisation tested our app and they raised the issue in your sdk that you using weak encryption so I reported here
we using your sdk for cognito and appsync

@github-actions github-actions bot added the pending-maintainer-response Issue is pending response from an Amplify team member label Oct 17, 2024
@harsh62
Copy link
Member

harsh62 commented Oct 21, 2024

Can you please provide detailed analysis to the team so that we can investigate further (as also requested above)?

  • Code snippets
  • Reports that you recieved
  • Claims that the report has made.
  • Suggestions from the report (if any)

The current information we have is not enough for us to further look into the issue.

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Oct 21, 2024
@vincetran
Copy link
Member

@spdeol20 Specifically when we've seen reports like this, it comes with the report that specifically calls out the class in question with an explanation of what the possible issue would be. The SDKs for Cognito and AppSync are large so we need more details in order to investigate.

@vincetran vincetran added the question General question label Oct 23, 2024
@github-actions github-actions bot removed the pending-triage Issue is pending triage label Oct 23, 2024
@vincetran vincetran added the closing soon Issue will auto-close if there is no additional activity within 7 days. label Nov 19, 2024
@github-actions github-actions bot removed the closing soon Issue will auto-close if there is no additional activity within 7 days. label Jan 14, 2025
@github-actions GitHub Actions
Copy link
Contributor

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question General question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tylerjroach @vincetran @harsh62 @spdeol20