CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
      • Biometrics-and-auth
        • Acl-changes
        • Keychain-always-accessible
        • Keychain-sync
        • Local-biometrics
        • Missing-user-auth
          • Keychain without user auth
        • No-verify
        • Pass-fallback
      • Commoncrypto
      • Cryptoswift
      • Insecure-communication
      • Lang
      • Pathtraversal
      • Sql
      • Sqllite
      • Webview
      • Webview
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Missing-user-auth

Keychain without user auth

keychain-without-user-auth

The application was observed to store keychain items that do not leverage user authentication. Requiring the user to provide authentication increases the confidence that the person using the phone is indeed authorized to view the information being retrieved.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 2
- 8
- 7
- :
-

- I
- m
- p
- r
- o
- p
- e
- r
-

- A
- u
- t
- h
- e
- n
- t
- i
- c
- a
- t
- i
- o
- n
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures
Insecure biometricsVerify biometric changes
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.