Key generation routines were identified whose resulting keys are not protected by the Secure Enclave. On iOS/macOS systems, cryptographic keys can be generated within the Secure Enclave, making them inaccessible to the rest of the system. The keys can be used for operations (signing, decryption, etc.), but the private keys cannot be dumped or copied, even on rooted/jailbroken systems.

Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-922: Insecure Storage of Sensitive Information
OWASP:
- A01:2021 - Broken Access Control