CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
  • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
        • Biometrics-and-auth
        • Commoncrypto
        • Cryptoswift
        • Insecure-communication
          • Ats
            • Ats-ct
            • Ats-insecure-website-load
            • Ats-load
            • Ats-local
            • Ats-media-load
              • ATS insecure media loads
            • Ats-pfs
            • Ats-pinning
            • Ats-pins
            • Ats-tls
          • Sect
        • Lang
        • Pathtraversal
        • Sql
        • Sqllite
        • Webview
        • Webview
      • Terraform
      • Typescript
      • Yaml
    Ats-media-load

    ATS insecure media loads

    The application’s App Transport Security (ATS) configuration allows for insecure accessing of media content over HTTP connections. This means that images, video, and other media (AVFoundation) data may be accessed via HTTP, potentially leaking that data to others on the local network, or to other network devices the network traffic traverses (proxies, firewalls, load balancers, etc).
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    ATS local networkingATS disables PFS
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.