search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Unscrubbed_Secret @ iGoat-Swift/iGoat-Swift/Source/Exercises/InsecureLocalDataStorage/Yap/YapExerciseVC.swift [master] #57

Open tsunez opened 3 years ago

tsunez commented 3 years ago

Unscrubbed_Secret issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/InsecureLocalDataStorage/Yap/YapExerciseVC.swift in branch master

Method "TheUnknown" at line 7 of iGoat-Swift\iGoat-Swift\Source\Exercises\InsecureLocalDataStorage\Yap\YapExerciseVC.swift defines YapValuePassword, which is designated to contain user passwords. However, while plaintext passwords are later assigned to YapValuePassword, this variable is never cleared from memory.

Severity: Low

CWE:226

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 53 7 9 45 15

Code (Line #53):

            let password = transaction.object(forKey: YapExerciseVC.YapKeyPassword, inCollection: YapExerciseVC.YapCollection) as? String

Code (Line #7):

    static let YapValuePassword = "TheUnknown"

Code (Line #9):

    static let YapKeyPassword = "YapKeyPassword"

Code (Line #45):

    func verifyName(_ enteredUserName:String, enteredPassword:String) -> Bool {

Code (Line #15):

    @IBOutlet weak var passwordTextField: UITextField!
tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 5 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 5 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)