Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Autocorrection_Keystroke_Logging @ iGoat-Swift/iGoat-Swift/Source/Exercises/InsecureLocalDataStorage/Realm/RealmExerciseVC.swift [master] #58

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Autocorrection_Keystroke_Logging issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/InsecureLocalDataStorage/Realm/RealmExerciseVC.swift in branch master

The UI element creditNameTextField at line 12 of iGoat-Swift\iGoat-Swift\Source\Exercises\InsecureLocalDataStorage\Realm\RealmExerciseVC.swift provides interactive input of sensitive text data. Autocorrection dictionary may cache the sensitive information, and make it accessible to attackers.

Severity: Medium

CWE:359

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 12 13 14


Code (Line #12):

    @IBOutlet weak var creditNameTextField: UITextField!

Code (Line #13):

    @IBOutlet weak var creditNumberTextField: UITextField!

Code (Line #14):

    @IBOutlet weak var creditCVVTextField: UITextField!

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 3 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 3 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)