The application passes a NULL initialization vector (IV) to the Common Crypto library for an encryption operation. When the Common Crypto library receives a NULL initialization vector, it uses a default constant initialization vector consisting of all zeroes.
A valid initialization vector is a unique, random value of length equal to the block size of a block cipher. Initialization vectors are used to vary the output of an encryption function so that, assuming the encryption key remains the same, encrypting the same plaintext multiple times never produces the same ciphertext. A new initialization vector must be generated each time an encryption operation is performed. Using a constant initialization vector eliminates its effectiveness, since the encrypted form of a piece of plaintext will be the same when the same key and initialization vector are used.
Steps to Reproduce:
- Decompile the application source code.
- Search for the string "CCCrypt".
- Note that the application source contains code that passes a null initialization vector to CCCrypt function.
I have not used any cryptography lib in react native app.
I have decompiled IPA binary file.please see image for evidence of decompiled code.
HOW CAN I Find where this is initialised or used this lib?