Homepage
About Snyk

cordova-plugin-ios-keychain@3.0.1 vulnerabilities

This plugin allows your app access to the iOS KeyChain from Cordova. See: https://developer.apple.com/library/mac/documentation/security/conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the cordova-plugin-ios-keychain package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

cordova-plugin-ios-keychain is an Apache Cordova (PhoneGap) plugin.

Affected versions of this package are vulnerable to Information Exposure Through Log Files in CDVKeychain.m. It can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs.

How to fix Information Exposure?

There is a fix for cordova-plugin-ios-keychain, pushed into the master branch but not yet published.

*
  • M
Information Exposure

cordova-plugin-ios-keychain is an Apache Cordova (PhoneGap) plugin.

Affected versions of this package are vulnerable to Information Exposure Through Log Files in CDVKeychain.m. It can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs.

How to fix Information Exposure?

There is a fix for cordova-plugin-ios-keychain, pushed into the master branch but not yet published.

*
Go back to all versions of this package