Kotlin : Keyboard caching

Classification

OWASP Mobile Top 10 2014

M4-Unintended Data Leakage

OWASP Mobile Top 10 2016

M2-Insecure Data Storage

OWASP MASVS

V2: 2.5.(L1/L2/L1+R/L2+R)

CWE

CWE-200

CWE/SANS Top 25 2021

CWE-200

Overview

The application allows entering sensitive data in the text field without implementing measures to disable the android keyboard caching mechanism.

The identified field does not disable the android keyboard caching mechanism. As a result, any sensitive information will be cached to improve the autocorrect feature.

Insecure Data Storage vulnerabilities take the second place in the “OWASP Top 10 2016” mobile application vulnerabilities ranking.

References

CWE-200: Information Exposure
Determining Whether the Keyboard Cache Is Disabled for Text Input Fields
OWASP: Mobile Top 10 2014-M4
OWASP: Mobile Top 10 2016-M2

MEDIUM

Kotlin : Keyboard caching

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Kotlin : Keyboard caching in your application?

See also

Kotlin : Missing required cryptographic step

Kotlin : Logging into system output

Kotlin : Call of notify() in synchronized block