Free-RASP-Flutter Security Delay Issue #90
Comments
Hi @jostney, This behavior is caused by the priorities of check groups in the freeRASP. The checks are being executed one by one in the background thread, so the debug check group waits for the check groups with higher priority to finish. We'll look at this issue and try to optimize the priorities of critical check groups (like debug) by the next release. Best regards,
Hi, are there any updates on this? I think it can be critical when an attacker has about 5 seconds to hook. In my case the attacker hooks the cipher class, so all the credentials that have been encrypted can be shown if I access them before runApp.
Hi @yustanj, We have prepared a fix that significantly speeds up the execution of checks. It should be included in the next freeRASP release. Also, I would like to learn more about the attack you experienced. If you would like to share more information privately, please feel free to PM me at tsoukal@talsec.app. Best Regards,
@SirionRazzer can you confirm the version number for this fix?
Hello @ribuemsyne, Kind regards,
The issue is fixed in freeRASP released in January 2024: Flutter: https://github.com/talsec/Free-RASP-Flutter/tree/v6.4.0
ok noted
…On Wed, Jan 17, 2024 at 1:46 PM Talsec ***@***.***> wrote:
The issue is fixed in freeRASP released in January 2024:
*Flutter*: https://github.com/talsec/Free-RASP-Flutter/tree/v6.4.0
*Cordova*: https://github.com/talsec/Free-RASP-Cordova/tree/v6.0.0
*Capacitor*: https://github.com/talsec/Free-RASP-Capacitor/tree/v1.2.0
*React Native*: https://github.com/talsec/Free-RASP-ReactNative/tree/v3.6.0
*Android*: https://github.com/talsec/Free-RASP-Android/tree/v9.0.0
--
Thanks and Regards,
Ribu Royson A,
Sr. Software Engineer
Emsyne – Muthoot Systems & Technologies Pvt Ltd
Lulu Cyber Tower 2 , 11th Floor, Infopark , Kochi
www.emsyne.com - +91 9995728766 || 8848605150
We have successfully set up the Free-RASP-Flutter library. In our testing, we observed that the `onDebug` callback is being triggered, which is expected behavior. However, we are facing an issue where this callback is not triggered immediately after the execution of `await Talsec.instance.start(talsecConfig);`. Instead, it takes almost 1 minute for this callback to be triggered. This 1-minute delay is concerning because it means that malicious users could potentially exploit this window of time to engage in unauthorized activities.
And configurations