Swift : Unsafe URL parameters

Classification

OWASP Mobile Top 10 2014

M4-Unintended Data Leakage

OWASP Mobile Top 10 2016

M2-Insecure Data Storage

OWASP MASVS

V6: 6.3.(L1/L2/L1+R/L2+R)

HIPAA

§164.312 (e)(1)

Overview

The application uses unsafe URL parameters that may lead to a sensitive information leakage. The passing of authentication information as URL parameters has proven to be a serious security risk.

Insecure Data Storage vulnerabilities take the second place in the “OWASP Mobile Top 10 2016” mobile application vulnerabilities ranking.

References

IETF STD 66 (rfc3986)
OWASP Mobile Top 10 2016-M2-Insecure Data Storage

CRITICAL

Swift : Unsafe URL parameters

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Swift : Unsafe URL parameters in your application?

See also

Swift : Nill password

Swift : Hardcoded salt

Swift : Undocumented feature: special account