Ats-insecure-website-load
ATS insecure webview loads
ATS-insecure-webview-loads
ATS-insecure-webview-loads
The application’s App Transport Security (ATS) configuration allows for insecure accessing of HTTP content in WebViews. This means that connections accessed in a WebView may be accessed via HTTP, potentially leaking that data to others on the local network, or to other network devices the network traffic traverses (proxies, firewalls, load balancers, etc).
Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures