Finding Description
The app was found to be displaying sensitive information on the screen. A malicious actor who can see the screen would then have the sensitive data. Attackers may also be able to access the data through screen captures taken by the OS or the user.
Steps to Reproduce
The app is observed while running on a device and any text entry fields are checked to ensure that they are hiding sensitive information - in this case, the user's password - by using secureTextEntry.
Business Impact
The app was found to be displaying sensitive information on the screen. A malicious actor who can see the screen would then have the sensitive data.
Remediation Resources
Change the text fields in question to secure text fields by setting the secureTextEntry attribute to true. Information and code snippets can be found on Apple's website.
Risk and Regulatory Information
Severity: low
CVSS: 3.2
Application
See more detail in the NowSecure Report