Keychain acl allows biometry changes

keychain-acl-allows-biometry-changes

The application was observed to store keychain items that use biometric protection but allow biometry changes. This means that an attacker who knows the victim’s passcode, or is able to guess it, can register their own biometrics and bypass this keychain authentication mechanism within the app. The application should store keychain entries with biometryCurrentSet rather than biometryAny or userPresence.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-305: Authentication Bypass by Primary Weakness
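
The weak and corrected access-control settings side by side, as an added example that is not part of the CodeAnt rule or its own code. The service name, account name and function names are assumptions made for illustration.

```swift
import Foundation
import Security

let service = "com.example.app"   // constructed sample value
let account = "session-token"     // constructed sample value

// Hypothetical helper: stores `secret` behind the given access-control flags.
func storeSecret(_ secret: Data, flags: SecAccessControlCreateFlags) -> OSStatus {
    var cfError: Unmanaged<CFError>?
    guard let acl = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, flags, &cfError
    ) else {
        cfError?.release()
        return errSecParam
    }
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account
    ]
    SecItemDelete(base as CFDictionary)   // avoid errSecDuplicateItem on re-save
    var item = base
    item[kSecAttrAccessControl as String] = acl
    item[kSecValueData as String] = secret
    return SecItemAdd(item as CFDictionary, nil)
}

// Flagged by the rule: the item stays readable after new biometrics are enrolled.
//   storeSecret(token, flags: .biometryAny)
//   storeSecret(token, flags: .userPresence)   // also accepts the passcode itself
// Corrected: the item is bound to the biometrics enrolled at save time.
func saveSessionToken(_ token: Data) -> OSStatus {
    return storeSecret(token, flags: .biometryCurrentSet)
}

// With .biometryCurrentSet the item is invalidated when the enrolled set changes,
// so a failed read is treated here as "authenticate again with the full login".
func loadSessionToken() -> Data? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess else { return nil }
    return result as? Data
}
```

Because a legitimate enrollment change also invalidates the item, the app needs a path that re-authenticates the user with their full credentials and saves the secret again.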