search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Third_Party_Keyboards_On_Sensitive_Field @ iGoat-Swift/iGoat-Swift/Source/Exercises/Binary Patching/BinaryPatchingVC.swift [master] #12

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Third_Party_Keyboards_On_Sensitive_Field issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/Binary Patching/BinaryPatchingVC.swift in branch master

The passwordTextField at line 4 of iGoat-Swift\iGoat-Swift\Source\Exercises\Binary Patching\BinaryPatchingVC.swift contains sensitive data, and is not protected from third party keyboards by either: 1) Setting secureTextEntry=YES, -Or- 2) Disabling third party keyboards application wide.

Severity: High

CWE:829

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: [4](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Binary Patching/BinaryPatchingVC.swift#L4) [7](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Binary Patching/BinaryPatchingVC.swift#L7) [11](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Binary Patching/BinaryPatchingVC.swift#L11)

[Code (Line #4):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Binary Patching/BinaryPatchingVC.swift#L4)

    @IBOutlet weak var passwordTextField: UITextField!

[Code (Line #7):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Binary Patching/BinaryPatchingVC.swift#L7)

        if passwordTextField.text?.isEmpty ?? true {

[Code (Line #11):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Binary Patching/BinaryPatchingVC.swift#L11)

        let password = passwordTextField.text!
tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 3 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 3 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 3 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)