Advisories for Golang/Github.com/Edgexfoundry/App-Service-Configurable package

2021

Use of a Broken or Risky Cryptographic Algorithm

Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may …