sectrustevaluate-misuse
sectrustevaluate-misuse
The application should check the trust result of the SecTrustEvaluate API call to ensure that the connection is trusted. Failure to do so may allow connections to proceed under insecure circumstances, resulting in a reduction in transport layer security guarantees.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 2
- 9
- 5
- :
-
- I
- m
- p
- r
- o
- p
- e
- r
-
- C
- e
- r
- t
- i
- f
- i
- c
- a
- t
- e
-
- V
- a
- l
- i
- d
- a
- t
- i
- o
- n
OWASP:
- A03:2017 - Sensitive Data Exposure
- A07:2021 - Identification and Authentication Failures
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 2
- 9
- 5
- :
-
- I
- m
- p
- r
- o
- p
- e
- r
-
- C
- e
- r
- t
- i
- f
- i
- c
- a
- t
- e
-
- V
- a
- l
- i
- d
- a
- t
- i
- o
- n
OWASP:
- A03:2017 - Sensitive Data Exposure
- A07:2021 - Identification and Authentication Failures