Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing security issue #29

Merged
merged 1 commit into from Mar 6, 2018
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
Fixing security issue
Plugin logs sensitive information and that is considered as a security issue. iOS logs are can be easily accessed by attacker.

References:
https://www.owasp.org/index.php/Mobile_Top_10_2016-M2-Insecure_Data_Storage
https://www.kaspersky.com/blog/starbucks-moves-quick-to-fix-application-security-vulnerability/3510/ (Starbucks for instance had problem with placing sensitive data to iOS logs and that was a big scandal ;-) )
  • Loading branch information
r3ggi committed Feb 20, 2018
commit 980230645c8ea3b531b85401de5e4bca0f860e42
4 changes: 1 addition & 3 deletions src/ios/CDVKeychain.m
Expand Up @@ -69,9 +69,7 @@ - (void) set:(CDVInvokedUrlCommand*)command {
NSString* key = [arguments objectAtIndex:0];
NSString* value = [arguments objectAtIndex:1];
BOOL useTouchID = [[arguments objectAtIndex:2] boolValue];

NSLog(@"SET %@ %@ %d", key ,value, useTouchID);


A0SimpleKeychain *keychain = [A0SimpleKeychain keychain];

if(useTouchID) {
Expand Down