search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Unscrubbed_Secret @ iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift [master] #59

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Unscrubbed_Secret issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift in branch master

Method UITextField! at line 6 of iGoat-Swift\iGoat-Swift\Source\Exercises\Social Engineering\SocialEngineeringVC.swift defines passwordTxtField, which is designated to contain user passwords. However, while plaintext passwords are later assigned to passwordTxtField, this variable is never cleared from memory.

Severity: Low

CWE:226

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: [68](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L68) [6](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L6) [61](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L61) [31](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L31)

[Code (Line #68):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L68)

        let validPassword = credentialsInfo["Password"] as? String

[Code (Line #6):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L6)

    @IBOutlet weak var passwordTxtField: UITextField!

[Code (Line #61):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L61)

    func verifyUser(name: String, password: String) -> Bool {

[Code (Line #31):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Social Engineering/SocialEngineeringVC.swift#L31)

        let password = passwordTxtField.text ?? ""
tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 4 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 4 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)