Sensitive data was found to be contained within crypto calls. This finding is to show the presence of data being hashed or encrypted, but does not indicate an issue in using those methods. The evidence table displays each crypto method used, the data type, the actual value that was recovered, whether this value was recovered in plain text form or a specific encoding, and the data that was found to contain the sensitive value.
Steps to Reproduce
CommonCrypto calls are analyzed to determine if any sensitive data is protected using symmetric encryption, hash-based message authentication codes, and digests.
Finding Description
Sensitive data was found to be contained within crypto calls. This finding is to show the presence of data being hashed or encrypted, but does not indicate an issue in using those methods. The evidence table displays each crypto method used, the data type, the actual value that was recovered, whether this value was recovered in plain text form or a specific encoding, and the data that was found to contain the sensitive value.
Steps to Reproduce
CommonCrypto calls are analyzed to determine if any sensitive data is protected using symmetric encryption, hash-based message authentication codes, and digests.
Risk and Regulatory Information
Severity: info
Application
See more detail in the NowSecure Report