swift-webview-config-https-upgrade
Webviews were observed that do not enable the upgradeKnownHostsToHTTPS
feature. This feature will ensure accidental HTTP connections are automatically upgraded to HTTPS, avoiding potential data leakage over the network.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-272: Least Privilege Violation