No-verify
Verify biometric changes
The application was observed to use biometrics without verifying that the enrolled biometrics have not changed. As a result, an attacker who knows the victim's passcode, or is able to guess it, can register their own biometrics and bypass the authentication mechanism within the app. The application should first check that no biometric changes have been made, and only then proceed.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-305: Authentication Bypass by Primary Weakness
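One way to perform the check described above, as an added example that is not part of the original rule page. It assumes an iOS app using Apple's LocalAuthentication framework; `BiometricGate`, `BiometricGateError`, `enroll()` and the storage key are hypothetical names, and `UserDefaults` stands in for whatever protected storage the app uses.

```swift
import Foundation
import LocalAuthentication

enum BiometricGateError: Error { case unavailable, enrollmentChanged, failed }

// Hypothetical helper (not from the page): binds biometric login to the
// enrolment state that existed when the user turned the feature on.
final class BiometricGate {
    private let baselineKey = "biometricBaseline" // hypothetical storage key
    private let store: UserDefaults               // assumption: Keychain is preferable in production

    init(store: UserDefaults = .standard) { self.store = store }

    // Returns the opaque enrolment state, or nil if biometrics are unusable.
    private func currentState(_ context: LAContext) -> Data? {
        var error: NSError?
        guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
            return nil
        }
        return context.evaluatedPolicyDomainState
    }

    // Call only after the user has signed in with their primary credential.
    func enroll() throws {
        guard let state = currentState(LAContext()) else { throw BiometricGateError.unavailable }
        store.set(state, forKey: baselineKey)
    }

    func authenticate(reason: String,
                      completion: @escaping (Result<Void, BiometricGateError>) -> Void) {
        let context = LAContext()
        guard let baseline = store.data(forKey: baselineKey),
              let state = currentState(context) else {
            completion(.failure(.unavailable)); return
        }
        // Check first: a fingerprint or face added or removed since enroll()
        // changes the state, so refuse before showing the biometric prompt.
        guard state == baseline else {
            store.removeObject(forKey: baselineKey)
            completion(.failure(.enrollmentChanged)); return
        }
        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                               localizedReason: reason) { success, _ in
            completion(success ? .success(()) : .failure(.failed))
        }
    }
}
```

On `.enrollmentChanged`, the app should fall back to the user's primary credential and call `enroll()` again only after that succeeds.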