Information Exposure Affecting cordova-plugin-ios-keychain Open this link in a new tab package, versions *
Attack Complexity
Low
User Interaction
Required
Confidentiality
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
npm:cordova-plugin-ios-keychain:20180306
-
published
21 Mar 2018
-
disclosed
6 Mar 2018
-
credit
Unknown
Introduced: 6 Mar 2018
CVE-2018-1000123 Open this link in a new tabHow to fix?
There is a fix for cordova-plugin-ios-keychain
, pushed into the master branch but not yet published.
Overview
cordova-plugin-ios-keychain is an Apache Cordova (PhoneGap) plugin.
Affected versions of this package are vulnerable to Information Exposure Through Log Files in CDVKeychain.m
. It can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs.