keychain-accessible-always
keychain-accessible-always
The application was observed to store keychain items with the accessibility type
Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 2
- 7
- 2
- :
-
- L
- e
- a
- s
- t
-
- P
- r
- i
- v
- i
- l
- e
- g
- e
-
- V
- i
- o
- l
- a
- t
- i
- o
- n
kSecAttrAccessibleAlways meaning that the data is not sufficiently protected at rest. Ideally, the application should use kSecAttrAccessibleWhenUnlocked to configure the data to be accessible only when the user has unlocked the screen.Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 2
- 7
- 2
- :
-
- L
- e
- a
- s
- t
-
- P
- r
- i
- v
- i
- l
- e
- g
- e
-
- V
- i
- o
- l
- a
- t
- i
- o
- n