CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
        • Biometrics-and-auth
        • Commoncrypto
          • Hardcoded-iv
          • Hardcoded-pbkdf2-passphrase
          • Hardcoded-realm
          • Hardcoded-salt
          • Hardcoded-symmetric-key
          • Insecure-crypto-aes-keysize
          • Insecure-crypto-algorithm-blowfish
          • Insecure-crypto-algorithm-des
          • Insecure-crypto-algorithm-rc4
          • Insecure-crypto-cbc-mode
          • Insecure-crypto-ecb-mode
          • Insecure-crypto-keystorage
          • Insecure-crypto-rsa-keysize
          • Insecure-hashing-algorithm-md2
          • Insecure-hashing-algorithm-md4
          • Insecure-hashing-algorithm-md5
          • Insecure-hashing-algorithm-sha1
          • Insufficient-pbkdf2-work-factor-sha1
          • Insufficient-pbkdf2-work-factor-sha256
          • Insufficient-pbkdf2-work-factor-sha512
          • Realmstate-encryption-missing
            • Swift hardcoded realm without encryption
        • Cryptoswift
        • Insecure-communication
        • Lang
        • Pathtraversal
        • Sql
        • Sqllite
        • Webview
        • Webview
      • Terraform
      • Typescript
      • Yaml
    Realmstate-encryption-missing

    Swift hardcoded realm without encryption

    swift-hardcoded-realm-without-encryption

    The application was observed to utilize Realm for data storage, but was not observed to set an encryption key. When no encryption key is set in the configuration, no encryption is used. To protect user and application data, the application should specify an encryption key, which is randomly generated per user, per client.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-311: Missing Encryption of Sensitive Data
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A04:2021 - Insecure Design
    Insufficient pbkdf2 work factor sha512Aes hardcoded secret
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.