The application should check the trust result of the SecTrustEvaluate API call to ensure that the connection is trusted. Failure to do so may allow connections to proceed under insecure circumstances, resulting in a reduction in transport layer security guarantees. Likelihood: MEDIUM Confidence: MEDIUM CWE: - C
- W
- E
- -
- 2
- 9
- 5
- :
-
- I
- m
- p
- r
- o
- p
- e
- r
-
- C
- e
- r
- t
- i
- f
- i
- c
- a
- t
- e
-
- V
- a
- l
- i
- d
- a
- t
- i
- o
- n
OWASP: - A03:2017 - Sensitive Data Exposure
- A07:2021 - Identification and Authentication Failures