ATS-arbitrary-loads
The application’s App Transport Security (ATS) configuration allows insecure HTTP connections. The NSAllowsArbitraryLoads and NSTemporaryExceptionAllowsInsecureHTTPLoads property keys can be used to allow HTTP for all domains or for a particular domain, respectively. HTTPS should be used in all cases to ensure secure communications and protect data in transit.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures