You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is an issue created from the Dark Labs AppCritique Static Analysis Report performed on Aug 14, 2018 on Status version 0.9.26 build 6382
Some of these may be purposeful and taken care of. If so, please provide reasoning here and it will be closed upon review. This issue will then serve as a reference for future potential vulnerability disclosures.
Description:
The app takes over the certificate validation process. This could
be used to implement certificate pinning, which is a best practice.
If used for other purposes, such as accepting all certificates, this
could present a security risk.
Note:
This is an issue created from the Dark Labs AppCritique Static Analysis Report performed on Aug 14, 2018 on Status version 0.9.26 build 6382
Some of these may be purposeful and taken care of. If so, please provide reasoning here and it will be closed upon review. This issue will then serve as a reference for future potential vulnerability disclosures.
Description:
The app takes over the certificate validation process. This could
be used to implement certificate pinning, which is a best practice.
If used for other purposes, such as accepting all certificates, this
could present a security risk.
OWASP
2016-M3-Insecure Communication
The text was updated successfully, but these errors were encountered: