Finding Description
The app was found to be displaying sensitive information on the screen. A malicious actor who can see the screen would then have the sensitive data. Attackers may also be able to access the data through screen captures taken by the OS or the user.
Steps to Reproduce
The app is observed while running on a device and any text entry fields are checked to ensure that they are hiding sensitive information - in this case, the user's password - by using SecureTextFields.
Business Impact
The app was found to be displaying sensitive information on the screen. A malicious actor who can see the screen would then have the sensitive data.
Remediation Resources
Change the text fields in question to secure text fields by changing the input type to textPassword. Examples and code snippets can be found on Android's website.
Risk and Regulatory Information
Severity: low
CVSS: 3.2
Application
See more detail in the NowSecure Report