Skip to main content
The application’s App Transport Security (ATS) configuration allows for insecure HTTP connections. The NSAllowsArbitraryLoads and NSTemporaryExceptionAllowsInsecureHTTPLoads property keys can be used to allow HTTP for all domains or a particular domain respectively. HTTPs should be used in all cases, to ensure secure communications - protecting data in transport.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-

- C
- l
- e
- a
- r
- t
- e
- x
- t
-

- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-

- o
- f
-

- S
- e
- n
- s
- i
- t
- i
- v
- e
-

- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
I