keychain-accessible-always
keychain-accessible-always
The application was observed to store keychain items with the accessibility type
Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 2
- 7
- 2
- :
-
- L
- e
- a
- s
- t
-
- P
- r
- i
- v
- i
- l
- e
- g
- e
-
- V
- i
- o
- l
- a
- t
- i
- o
- n
kSecAttrAccessibleAlways
meaning that the data is not sufficiently protected at rest. Ideally, the application should use kSecAttrAccessibleWhenUnlocked
to configure the data to be accessible only when the user has unlocked the screen.Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 2
- 7
- 2
- :
-
- L
- e
- a
- s
- t
-
- P
- r
- i
- v
- i
- l
- e
- g
- e
-
- V
- i
- o
- l
- a
- t
- i
- o
- n