search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Screen_Caching @ iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift [master] #34

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Screen_Caching issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift in branch master

The UI element passwordTextField at line 11 of iGoat-Swift\iGoat-Swift\Source\Exercises\Key Management\Hard Coded Keys\BrokenCryptographyExerciseVC.swift displays sensitive data on screen. Background screen caching of this sensitive information is not prevented by any means.

Severity: Medium

CWE:524

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: [11](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift#L11)

[Code (Line #11):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Hard Coded Keys/BrokenCryptographyExerciseVC.swift#L11)

    @IBOutlet weak var passwordTextField: UITextField!
tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)