The application’s App Transport Security (ATS) configuration allows for insecure accessing of HTTP content in WebViews. This means that connections accessed in a WebView may be accessed via HTTP, potentially leaking that data to others on the local network, or to other network devices the network traffic traverses (proxies, firewalls, load balancers, etc). Likelihood: LOW Confidence: HIGH CWE: - C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP: - A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures