Fiserv iOS Apps Log Passwords Insecurely
Background
The Fiserv apps listed below all have the same
security
problem--they exposes passwords in a log on
the phone. Each link goes to a page detailing my
test and notification actions.
This practice
is unacceptable for any app, according to the
OWASP https://github.com/OWASP/owasp-masvs,
specifically, this item:
2.1 MSTG-STORAGE-3: No sensitive data is written to application logs.
Notification
I sent this message on 1-12-2020:
Posted 1-12-2020 by Sam Bowne