Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Unscrubbed_Secret @ iGoat-Swift/iGoat-Swift/ThirdParty/CouchBase/CouchbaseLite.framework/Headers/CBLManager.h [master] #55

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Unscrubbed_Secret issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/CouchBase/CouchbaseLite.framework/Headers/CBLManager.h in branch master

Method - at line 211 of iGoat-Swift\iGoat-Swift\ThirdParty\CouchBase\CouchbaseLite.framework\Headers\CBLManager.h defines keyOrPassword, which is designated to contain user passwords. However, while plaintext passwords are later assigned to keyOrPassword, this variable is never cleared from memory.

Severity: Low

CWE:226

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 211


Code (Line #211):

- (BOOL) registerEncryptionKey: (nullable id)keyOrPassword

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)