Information Exposure Affecting cordova-plugin-ios-keychain package, versions *
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Confidentiality
High
Threat Intelligence
EPSS
0.19% (57th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID npm:cordova-plugin-ios-keychain:20180306
- published 21 Mar 2018
- disclosed 6 Mar 2018
- credit Unknown
Introduced: 6 Mar 2018
CVE-2018-1000123 Open this link in a new tabHow to fix?
There is a fix for cordova-plugin-ios-keychain
, pushed into the master branch but not yet published.
Overview
cordova-plugin-ios-keychain is an Apache Cordova (PhoneGap) plugin.
Affected versions of this package are vulnerable to Information Exposure Through Log Files in CDVKeychain.m
. It can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs.