Objective-C : Information leak via GET request
Classification
OWASP Mobile Top 10 2014 M4-Unintended Data Leakage OWASP Mobile Top 10 2016 M2-Insecure Data Storage PCI DSS 4.0 6.2.4 HIPAA §164.312 (e)(1) CWE CWE-598Overview
The application uses a GET-request instead of a POST-request to transfer data to the server.
Using a GET-request means that the URL and the request parameters may be stored in the browser cache, the server cache, and the cache of intermediate proxy servers. This may lead to the data leak. An attacker can obtain information about the structure of the request and draw conclusions about the architecture of the application, the names of the database tables, and use this information for the attack.