No-verify

Verify biometric changes

verify-biometric-changes

The application was observed to use biometrics without verifying that biometric changes have not taken place. As a result, an attacker who knows the victim's passcode, or is able to guess it, can register their own biometrics and bypass the authentication mechanism within the app. The application should first check that biometric changes have not been made, then proceed.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-305: Authentication Bypass by Primary Weakness
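
One way to implement the check described above, shown as an added example rather than code from CodeAnt or the rule itself. The names `baselineKey`, `recordBiometricBaseline` and `authenticateIfEnrollmentUnchanged` are hypothetical, and `UserDefaults` stands in for whatever protected store the app uses for the baseline.

```swift
import Foundation
import LocalAuthentication

enum BiometricGateError: Error {
    case unavailable        // biometrics not usable on this device right now
    case noBaseline         // app never recorded the enrolled biometric set
    case enrollmentChanged  // biometric set differs from the recorded baseline
    case failed             // user did not pass the biometric prompt
}

// Hypothetical storage key (assumption, not from the rule page).
let baselineKey = "example.biometricDomainState"

/// Reads the opaque state of the enrolled biometric set.
/// canEvaluatePolicy must succeed first; it populates evaluatedPolicyDomainState.
func currentBiometricState(_ context: LAContext) -> Data? {
    var error: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
        return nil
    }
    return context.evaluatedPolicyDomainState
}

/// Call only after the user has signed in with their primary credential.
func recordBiometricBaseline(defaults: UserDefaults = .standard) -> Bool {
    guard let state = currentBiometricState(LAContext()) else { return false }
    defaults.set(state, forKey: baselineKey)
    return true
}

func authenticateIfEnrollmentUnchanged(
    defaults: UserDefaults = .standard,
    completion: @escaping (Result<Void, BiometricGateError>) -> Void
) {
    let context = LAContext()
    guard let current = currentBiometricState(context) else {
        return completion(.failure(.unavailable))
    }
    guard let baseline = defaults.data(forKey: baselineKey) else {
        return completion(.failure(.noBaseline))
    }
    // The state value changes when a fingerprint or face is added or removed.
    guard baseline == current else {
        return completion(.failure(.enrollmentChanged))
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock your account") { success, _ in
        completion(success ? .success(()) : .failure(.failed))
    }
}
```

On `.noBaseline` or `.enrollmentChanged`, the app should fall back to the primary credential and call `recordBiometricBaseline` again only after that sign-in succeeds.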