No-verify
Verify biometric changes
verify-biometric-changes
The application was observed to use biometric authentication without verifying that the enrolled biometrics have not changed. Without that check, an attacker who knows or can guess the victim's passcode can register their own biometrics and bypass the authentication mechanism within the app. The application should first check that no biometric changes have been made, then proceed.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-305: Authentication Bypass by Primary Weakness
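One way to implement the check described above, as an added example that is not part of this rule or of any scanned application. It assumes an iOS app using Apple's LocalAuthentication framework; `BiometricGate`, `BiometricGateError` and the storage key are hypothetical names.

```swift
import Foundation
import LocalAuthentication

enum BiometricGateError: Error {
    case unavailable(Error?)
    case enrollmentChanged
}

/// Hypothetical helper: compares the current biometric enrollment state with a
/// baseline saved when the user enabled biometric login, before prompting.
final class BiometricGate {
    // Hypothetical storage key; a Keychain item is a better home for the baseline.
    private let baselineKey = "biometricDomainStateBaseline"
    private let defaults: UserDefaults

    init(defaults: UserDefaults = .standard) { self.defaults = defaults }

    func authenticate(reason: String, completion: @escaping (Result<Void, Error>) -> Void) {
        let context = LAContext()
        var policyError: NSError?
        // canEvaluatePolicy must run first: it populates evaluatedPolicyDomainState.
        guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &policyError),
              let currentState = context.evaluatedPolicyDomainState else {
            completion(.failure(BiometricGateError.unavailable(policyError)))
            return
        }
        if let baseline = defaults.data(forKey: baselineKey) {
            // A different state means a fingerprint or face was added or removed.
            guard baseline == currentState else {
                completion(.failure(BiometricGateError.enrollmentChanged))
                return
            }
        } else {
            // No baseline yet: record one. Reach this path only right after a full login.
            defaults.set(currentState, forKey: baselineKey)
        }
        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                               localizedReason: reason) { success, error in
            if success {
                completion(.success(()))
            } else {
                completion(.failure(error ?? BiometricGateError.unavailable(nil)))
            }
        }
    }

    /// Call after the user has re-authenticated with their account credentials.
    func resetBaseline() { defaults.removeObject(forKey: baselineKey) }
}
```

On `enrollmentChanged`, the app should fall back to the account's primary credentials and call `resetBaseline()` only after that login succeeds.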