Home / Vulnerability Database / Swift : Insecure manipulations with the file system

Swift

Swift : Insecure manipulations with the file system

Classification

OWASP Mobile Top 10 2014

M4-Unintended Data Leakage

OWASP Mobile Top 10 2016

M2-Insecure Data Storage

PCI DSS 4.0

6.2.4

HIPAA

§164.312 (c)(1)

CWE

CWE-61

Overview

The application uses a method that create a temporary file before writing data to a target file. This method reduces the risk of information leakage when copying or writing to a file, but if the temporary file is created in a public directory, the attacker may replace or steal it before it is written to the targeted file.

References

CWE CATEGORY: Temporary File Issues
CWE-61: UNIX Symbolic Link (Symlink) Following
Mobile Top 10 2014-M4-Unintended Data Leakage
OWASP Mobile Top 10 2016-M2-Insecure Data Storage

LOW

Swift : Insecure manipulations with the file system

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Swift : Insecure manipulations with the file system in your application?

See also

Swift : Nill password

Swift : Hardcoded salt

Swift : Undocumented feature: special account