CVE-2013-5391: IBM Worklight Android Pseudo Random Number Generator Weakness

ID CVE-2013-5391
Type cve
Reporter NVD
Modified 2014-02-26T00:00:00


A vulnerability exists in the Android operating system where the pseudo random number generator (PRNG) is not properly initialized. As a result of this vulnerability, Worklight programs on Android that use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation might not receive cryptographically strong values.

This issue affects IBM Worklight customer applications on Android that make use of JSONStore local data storage with encryption enabled and have initialized the JSONStore collection using the '{localKeyGen: true}' option. It can also affect IBM Worklight applications on Android if the customer application logic makes use of the JCA functions that are previously described.