DerScanner
Home / Vulnerability Database / Objective-C : Internal information leak
Objective-C

Objective-C : Internal information leak

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Top 10 2017
A3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure Design
OWASP MASVS
V7: 7.4.(L1/L2/L1+R/L2+R)V2: 2.1.(L1/L2/L1+R/L2+R)V2: 2.3.(L1/L2/L1+R/L2+R)
OWASP ASVS
ConfigurationError Handling and LoggingError Handling and Logging
CWE
CWE-200CWE-312CWE-313CWE-359CWE-497CWE-532
CWE/SANS Top 25 2021
CWE-200

Overview

Confidential information in cleartext was written to the system logs.

In this case, we are talking about an internal leak: confidential information is written to the local file/event logs.

References

  1. CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  2. CWE-497: Exposure of System Data to an Unauthorized Control Sphere
  3. OWASP Top 10 2017-A3-Sensitive Data Exposure
  4. CWE-532: Insertion of Sensitive Information into Log File
  5. Logs for Sensitive Data
MEDIUM

DerScanner Severity Score

Do you want to fix Objective-C : Internal information leak in your application?

See also

Objective-C

Objective-C : Weak hashing algorithm

Objective-C

Objective-C : Unsafe reflection

Objective-C

Objective-C : Weak seed of random number generator