Library version used
Microsoft.Identity.Client-4.60.3
.NET version
netstandard2.0
Scenario
PublicClient - mobile app
Is this a new or an existing app?
The app is in production, I haven't upgraded MSAL, but started seeing this issue
Issue description and reproduction steps
Insecure data storage vulnerabilities occur when an application stores sensitive information such as usernames, passwords, tokens, and credit card numbers in plain text. An attacker uses this information and tries to exploit the vulnerability.
It was observed that the application is storing sensitive information like the JWT token, refresh token and other information in shared preferences.
Steps to reproduce (on a rooted device):
Log in to the application.
Go to data/data/packagename/sharedprefrence.
Open the file and you will see the information.
Relevant code snippets
No response
Expected behavior
No response
Identity provider
Other
Regression
No response
Solution and workarounds
No response
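
A check a tester could run over a copy of the app's shared preferences XML to confirm the finding reported above, as an added example that is not part of the original report or of MSAL: it flags entries whose value contains a decodable JWT or a JSON field named like a token. The entry names and values in the sample are constructed and are an assumption, not MSAL's actual cache layout.

```python
import base64
import json
import re
import xml.etree.ElementTree as ET

# Compact JWT shape: base64url header (a JSON object, so it starts "eyJ"), payload, signature.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")
TOKEN_KEY_RE = re.compile(r"refresh|secret", re.I)

def _json(data, b64=False):
    """Parse JSON (optionally base64url-encoded first); return None if it is not JSON."""
    try:
        if b64:
            data = base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))
        return json.loads(data)
    except ValueError:
        return None

def find_plaintext_tokens(prefs_xml):
    """Return (entry name, reason) for every <string> entry holding a readable token."""
    findings = []
    for entry in ET.fromstring(prefs_xml).iter("string"):
        name, value = entry.get("name", ""), entry.text or ""
        headers = (_json(c.split(".")[0], b64=True) for c in JWT_RE.findall(value))
        if any(isinstance(h, dict) and "alg" in h for h in headers):
            findings.append((name, "JWT"))
            continue
        doc = _json(value)
        if isinstance(doc, dict) and any(
            TOKEN_KEY_RE.search(k) and isinstance(v, str) and v for k, v in doc.items()
        ):
            findings.append((name, "token field"))
    return findings

def _enc(obj):
    """base64url-encode a dict as JSON without padding (used to build the sample JWT)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample, not real MSAL cache content: entry names and values are made up.
SAMPLE_JWT = ".".join([_enc({"alg": "RS256", "typ": "JWT"}), _enc({"sub": "constructed"}), "c2ln"])
SAMPLE_PREFS = f"""<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="access_entry">{{"secret": "{SAMPLE_JWT}"}}</string>
    <string name="refresh_entry">{{"refresh_token": "constructed-opaque-value"}}</string>
    <string name="sealed_entry">AAECAwQFBgcICQoLDA0ODw==</string>
    <string name="theme">dark</string>
</map>"""

if __name__ == "__main__":
    for name, reason in find_plaintext_tokens(SAMPLE_PREFS):
        print(f"{name}: {reason} stored in plaintext")
```

An entry whose value is opaque ciphertext, like `sealed_entry` in the sample, produces no finding, so the same check can be rerun after a fix to confirm the tokens are no longer readable.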