search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Use_of_Hardcoded_Password @ iGoat-Swift/iGoat-Swift/Source/Exercises/InsecureLocalDataStorage/Yap/YapExerciseVC.swift [master] #75

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Use_of_Hardcoded_Password issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/InsecureLocalDataStorage/Yap/YapExerciseVC.swift in branch master

The application uses a single, hard-coded password YapValuePassword for authentication purposes, either using it to verify users' identities, or to access another remote system. This password at line 7 of iGoat-Swift\iGoat-Swift\Source\Exercises\InsecureLocalDataStorage\Yap\YapExerciseVC.swift appears in the code as plaintext, and cannot be changed without rebuilding the application.

Severity: Low

CWE:259

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 7 9

Code (Line #7):

    static let YapValuePassword = "TheUnknown"

Code (Line #9):

    static let YapKeyPassword = "YapKeyPassword"
tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 2 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 2 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)