    No-verify

    Verify biometric changes

    The application was observed to use biometrics without verifying that no biometric changes have taken place. As a result, an attacker who knows the victim's passcode, or is able to guess it, can register their own biometrics and bypass the authentication mechanism within the app. The application should first check that biometric changes have not been made, then proceed.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-305: Authentication Bypass by Primary Weakness
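One way to perform this check with the LocalAuthentication framework, as an added example that is not the rule's own code: it compares `LAContext.evaluatedPolicyDomainState` with a baseline saved when the user enabled biometric login. The function names, the error enum and the `UserDefaults` key are assumptions made for illustration.

```swift
import Foundation
import LocalAuthentication

enum BiometricGateError: Error {
    case unavailable(Error?)   // biometrics not usable, or no domain state returned
    case noBaseline            // biometric login was never enabled in the app
    case enrollmentChanged     // enrolled biometric set differs from the baseline
    case failed(Error?)        // the biometric prompt itself failed
}

// Hypothetical storage key; a Keychain item is a better home for the baseline.
let baselineKey = "biometricDomainStateBaseline"

// canEvaluatePolicy must run first: it populates evaluatedPolicyDomainState.
// (Newer SDKs deprecate this property in favour of LAContext.domainState.)
func currentDomainState(_ context: LAContext) -> Result<Data, BiometricGateError> {
    var error: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error),
          let state = context.evaluatedPolicyDomainState else {
        return .failure(.unavailable(error))
    }
    return .success(state)
}

// Call only after the user has signed in with their full app credentials.
func recordBiometricBaseline() -> Bool {
    guard case .success(let state) = currentDomainState(LAContext()) else { return false }
    UserDefaults.standard.set(state, forKey: baselineKey)
    return true
}

func authenticateWithEnrollmentCheck(reason: String,
                                     completion: @escaping (Result<Void, BiometricGateError>) -> Void) {
    let context = LAContext()
    switch currentDomainState(context) {
    case .failure(let err):
        completion(.failure(err))
    case .success(let state):
        guard let baseline = UserDefaults.standard.data(forKey: baselineKey) else {
            return completion(.failure(.noBaseline))
        }
        // A different value means a fingerprint or face was added or removed.
        guard baseline == state else { return completion(.failure(.enrollmentChanged)) }
        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                               localizedReason: reason) { success, evalError in
            completion(success ? .success(()) : .failure(.failed(evalError)))
        }
    }
}
```

On `.enrollmentChanged`, the app should fall back to its full credential login and call `recordBiometricBaseline()` again only once that login succeeds.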
