Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0

CX Empty_Password @ iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift [master] #50

Open tsunez opened 3 years ago

tsunez commented 3 years ago

Empty_Password issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift in branch master

The application uses the empty password for authentication purposes, either to verify users' identities or to access another remote system. This empty password, set at line 29 of iGoat-Swift\iGoat-Swift\Source\Exercises\Social Engineering\SocialEngineeringVC.swift, appears in the code, cannot be changed without rebuilding the application and indicates that its associated account is exposed.

Severity: Low

CWE:521

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: [31](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L31)


[Code (Line #31):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L31)

        let password = passwordTxtField.text ?? ""

tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)