Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Empty_Password @ iGoat-Swift/iGoat-Swift/Source/Exercises/Authentication/Remote/RemoteAuthenticationExerciseVC.swift [master] #19

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Empty_Password issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/Authentication/Remote/RemoteAuthenticationExerciseVC.swift in branch master

The application uses the empty password password for authentication purposes, either using it to verify users' identities, or to access another remote system. This empty password is set at line 15 of iGoat-Swift\iGoat-Swift\Source\Exercises\Authentication\Remote\RemoteAuthenticationExerciseVC.swift appears in the code, cannot be changed without rebuilding the application and indicates its associated account is exposed.

Severity: Low

CWE:521

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 25


Code (Line #25):

        let password = passwordTextField.text ?? ""

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)