Insecure-crypto-keystorage
Insecure crypto keystorage
insecure-crypto-keystorage
Key generation routines were identified whose resulting keys are not protected by the Secure Enclave. On iOS/macOS systems, cryptographic keys can be generated within the Secure Enclave, making them inaccessible to the rest of the system. The keys can still be used for operations (signing, decryption, etc.), but the private keys cannot be dumped or copied, even on rooted/jailbroken systems.
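The Swift code below is an added example, not part of the rule's own text: it places key generation without the Secure Enclave next to the same call with the key bound to it. The tag `com.example.signing-key` and the function names are assumptions made for illustration.

```swift
import Foundation
import Security

// Hypothetical application tag, used only for this example.
let keyTag = Data("com.example.signing-key".utf8)

// Shared helper: create a key pair and surface the Security framework error.
func createKey(_ attributes: [String: Any]) throws -> SecKey {
    var error: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

// Flagged pattern: no kSecAttrTokenID, so the private key is generated in
// software and stored as ordinary keychain data outside the Secure Enclave.
func makeSoftwareKey() throws -> SecKey {
    try createKey([
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: keyTag,
        ] as [String: Any],
    ])
}

// Hardened pattern: kSecAttrTokenIDSecureEnclave makes the Secure Enclave
// generate and hold the private key; the app only receives a reference to it.
func makeSecureEnclaveKey() throws -> SecKey {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return try createKey([
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: keyTag,
            kSecAttrAccessControl as String: access,
        ] as [String: Any],
    ])
}
```

The Secure Enclave holds only 256-bit elliptic-curve (NIST P-256) keys, so the hardened form applies to EC key pairs. The returned `SecKey` can be passed to `SecKeyCreateSignature`, while the private key bytes themselves cannot be exported.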
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-922: Insecure Storage of Sensitive Information
OWASP:
- A01:2021 - Broken Access Control