keychain-without-user-auth
The application was observed to store keychain items that do not leverage user authentication. Requiring the user to provide authentication increases the confidence that the person using the phone is indeed authorized to view the information being retrieved.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures
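The finding described above, shown as a weak keychain write beside a hardened one. This is an added example, not the rule's own test code; it assumes an iOS app written in Swift against the Security framework, and the service and account names are hypothetical.

```swift
import Foundation
import Security

// Hypothetical identifiers, used only for this example.
let service = "com.example.app"
let account = "session-token"

// Weak form: no kSecAttrAccessControl on the item. It gets the default
// accessibility and the app can read it whenever the device is unlocked,
// with no authentication prompt at the time of access.
func storeWithoutUserAuth(_ secret: Data) -> OSStatus {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecValueData as String: secret,
    ]
    return SecItemAdd(query as CFDictionary, nil)
}

// Hardened form: the item carries an access control object that requires
// user presence (biometrics or device passcode) on every read, and it only
// exists while a passcode is set and never leaves this device.
func storeWithUserAuth(_ secret: Data) -> OSStatus {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .userPresence,
        &error
    ) else {
        _ = error?.takeRetainedValue() // release the CFError we were handed
        return errSecParam
    }
    // kSecAttrAccessControl replaces kSecAttrAccessible; do not set both.
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecValueData as String: secret,
        kSecAttrAccessControl as String: access,
    ]
    return SecItemAdd(query as CFDictionary, nil)
}
```

Reading an item stored with `storeWithUserAuth` through `SecItemCopyMatching` triggers the system authentication prompt, and a cancelled prompt comes back as `errSecUserCanceled`, which the caller should treat as a denied read.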