tsunez
commented
3 years ago Issue still exists.
SUMMARY
Issue has 2 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)
Open tsunez opened 3 years ago
tsunez
commented
3 years ago Issue still exists.
Issue has 2 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)
tsunez
commented
3 years ago Issue still exists.
Issue has 2 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)
Autocorrection_Keystroke_Logging issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift in branch master
The UI element passwordField at line 8 of iGoat-Swift\iGoat-Swift\Source\Exercises\Key Management\Random Key Generation\RandomKeyGenerationExerciseVC.swift provides interactive input of sensitive text data. Autocorrection dictionary may cache the sensitive information, and make it accessible to attackers.
Severity: Medium
CWE:359
Vulnerability details and guidance
Checkmarx
Recommended Fix
Lines: [8](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift#L8) [10](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift#L10)
[Code (Line #8):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift#L8)
[Code (Line #10):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Key Management/Random Key Generation/RandomKeyGenerationExerciseVC.swift#L10)