hardcoded-salt
Cryptographic operations were identified that use a hardcoded salt/nonce. A salt does not need to remain secret, but it should be random and generated from a cryptographically secure source of entropy, such as a CSPRNG. On iOS/macOS platforms, secure random data can be obtained via the SecRandomCopyBytes API available from Randomization Services.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-323: Nonces should be used for the present occasion and only once.
OWASP:
- A02:2021 - Cryptographic Failures
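The flagged pattern beside its hardened form, as an added example that is not part of the rule's own text. It assumes the salt feeds PBKDF2 through CommonCrypto; `hardcodedSalt`, `makeRandomSalt`, `deriveKey`, the sample password and the round count are hypothetical.

```swift
import Foundation
import CommonCrypto
import Security

enum SaltError: Error { case rngFailed(OSStatus), kdfFailed(Int32) }

// Flagged pattern: one compile-time salt (constructed value) shared by every
// user, so equal passwords always derive equal keys.
let hardcodedSalt: [UInt8] = Array("constructed-static-salt".utf8)

// Hardened form: a fresh salt per credential from the system CSPRNG.
// Store it next to the derived key; it is not a secret.
func makeRandomSalt(count: Int = 16) throws -> [UInt8] {
    var salt = [UInt8](repeating: 0, count: count)
    let status = SecRandomCopyBytes(kSecRandomDefault, count, &salt)
    guard status == errSecSuccess else { throw SaltError.rngFailed(status) }
    return salt
}

// PBKDF2-HMAC-SHA256; the round count is an assumed work factor.
func deriveKey(password: String, salt: [UInt8], rounds: UInt32 = 600_000) throws -> [UInt8] {
    let keyLength = 32
    var key = [UInt8](repeating: 0, count: keyLength)
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2),
        password, password.utf8.count,
        salt, salt.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
        rounds, &key, keyLength)
    guard status == Int32(kCCSuccess) else { throw SaltError.kdfFailed(status) }
    return key
}

do {
    let password = "correct horse battery staple"  // constructed sample input
    // Two accounts, same password, hardcoded salt: the derived keys collide.
    let a = try deriveKey(password: password, salt: hardcodedSalt)
    let b = try deriveKey(password: password, salt: hardcodedSalt)
    print("hardcoded salt, keys equal:", a == b)
    // Same password, per-account random salts: the derived keys differ.
    let c = try deriveKey(password: password, salt: makeRandomSalt())
    let d = try deriveKey(password: password, salt: makeRandomSalt())
    print("random salt, keys equal:", c == d)
} catch {
    print("derivation failed:", error)
}
```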