Realmstate-encryption-missing

Swift hardcoded realm without encryption

swift-hardcoded-realm-without-encryption

The application was observed to utilize Realm for data storage, but was not observed to set an encryption key. When no encryption key is set in the configuration, no encryption is used. To protect user and application data, the application should specify an encryption key, which is randomly generated per user, per client.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design
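
The flagged configuration beside a corrected one, as an added example that is not part of the rule itself or of CodeAnt's own code. It assumes RealmSwift and the iOS Keychain; the service name `com.example.app.realm`, the error type, and the function names are hypothetical, and `userID` is assumed to be a filename-safe identifier.

```swift
import Foundation
import Security
import RealmSwift

// Flagged pattern: no encryptionKey is set, so the .realm file is written in plaintext.
func openPlaintextRealm() throws -> Realm {
    return try Realm(configuration: Realm.Configuration())
}

enum RealmKeyError: Error { case random(OSStatus), keychain(OSStatus) }

// Returns the 64-byte Realm key for this user on this device, creating it on first use.
func realmKey(forUser userID: String) throws -> Data {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "com.example.app.realm", // hypothetical service name
        kSecAttrAccount as String: userID
    ]
    var query = base
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecSuccess, let existing = item as? Data { return existing }
    guard status == errSecItemNotFound else { throw RealmKeyError.keychain(status) }

    var key = Data(count: 64) // Realm requires exactly 64 bytes
    let rc = key.withUnsafeMutableBytes {
        SecRandomCopyBytes(kSecRandomDefault, 64, $0.baseAddress!)
    }
    guard rc == errSecSuccess else { throw RealmKeyError.random(rc) }

    var add = base
    add[kSecValueData as String] = key
    add[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    let addStatus = SecItemAdd(add as CFDictionary, nil)
    guard addStatus == errSecSuccess else { throw RealmKeyError.keychain(addStatus) }
    return key
}

// Corrected pattern: random key per user, per client, kept out of source code.
func openEncryptedRealm(forUser userID: String) throws -> Realm {
    var config = Realm.Configuration(encryptionKey: try realmKey(forUser: userID))
    // One file per user, so each file is only ever opened with its own key.
    config.fileURL = config.fileURL?.deletingLastPathComponent()
        .appendingPathComponent("\(userID).realm")
    return try Realm(configuration: config)
}
```

The `ThisDeviceOnly` accessibility class keeps the key out of backups and device migrations, which matches the per-client requirement; an existing plaintext file has to be migrated or deleted before it can be opened with a key.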