Open tsunez opened 4 years ago
Issue still exists.
Issue has 5 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)
Got exactly the same issue when scanning with Checkmarx. Then I fixed it by the suggested methods, and also added the code to disable the third party keyboard. But the issue still exists. I wonder if it's a false positive detection?
```objc
// App-wide mitigation (UIApplicationDelegate): refuse to load the custom keyboard
// extension point so third-party keyboards are never offered in this app.
- (BOOL)application:(UIApplication *)application
    shouldAllowExtensionPointIdentifier:(UIApplicationExtensionPointIdentifier)extensionPointIdentifier {
    if ([extensionPointIdentifier isEqualToString:UIApplicationKeyboardExtensionPointIdentifier]) {
        return NO;   // block third-party keyboards
    }
    return YES;      // leave every other extension point at its default
}
```
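Since iGoat-Swift is a Swift project, here is the same pair of mitigations the scanner accepts (field-level secure entry, or the app-wide extension-point check) written in Swift. This is an added example, not code from iGoat-Swift or from the commenter; `passwordField` is the outlet named in the report, while `SensitiveFieldViewController` and the `AppDelegate` shown are hypothetical stand-ins.

```swift
import UIKit

// Added example (not iGoat-Swift's own code). Both mitigations below are shown;
// either one on its own satisfies the Checkmarx rule quoted in this issue.

// 1) Field-level fix: mark the sensitive field as secure text entry.
//    iOS does not route secure text entry through custom keyboard extensions,
//    and it also disables autocorrect/keyboard caching for the field.
final class SensitiveFieldViewController: UIViewController {   // hypothetical name
    @IBOutlet weak var passwordField: UITextField!

    override func viewDidLoad() {
        super.viewDidLoad()
        passwordField.isSecureTextEntry = true
        passwordField.autocorrectionType = .no      // no suggestion cache for the secret
        passwordField.textContentType = .password   // lets the system keyboard treat it as a password
    }
}

// 2) Application-wide fix: the Swift equivalent of the Objective-C delegate
//    method posted above; returning false for .keyboard blocks every
//    third-party keyboard in the app while other extension points stay enabled.
final class AppDelegate: UIResponder, UIApplicationDelegate {   // hypothetical delegate
    var window: UIWindow?

    func application(_ application: UIApplication,
                     shouldAllowExtensionPointIdentifier extensionPointIdentifier: UIApplication.ExtensionPointIdentifier) -> Bool {
        return extensionPointIdentifier != .keyboard
    }
}
```

Note that a static scanner checks the source text, so a field that is only made secure at runtime in a place the rule does not look (or an Objective-C delegate that is not part of the Swift target) can still be reported; verify which of the two patterns the rule actually matched against the flagged lines.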
Third_Party_Keyboards_On_Sensitive_Field issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift in branch master
The passwordField at line 8 of iGoat-Swift\iGoat-Swift\Source\Exercises\Key Management\Random Key Generation\RandomKeyGenerationExerciseVC.swift contains sensitive data and is not protected from third party keyboards by either: 1) setting secureTextEntry=YES, or 2) disabling third party keyboards application wide.
Severity: High
CWE: 829
Lines: [20](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift#L20) [8](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift#L8) [25](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift#L25) [10](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift#L10) [14](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift#L14)