Bug #22303
[External Audit Findings][iOS] Weak SSL Pinning
| Status: | Closed | Start date: | 29 July 2025 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | yap chekying | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Issue:
During testing on iOS apps, the tester found that the app does not implement SSL Pinning. Without SSL Pinning, attackers can intercept and modify data transmitted between the app and server using invalid certificates, increasing the risk of data tampering.
Recommendation from pentester:
Developers should implement SSL Pinning.
Please refer to the attached Excel file for details.
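One way to implement the recommended pinning on iOS, as an added example that is not part of the original ticket or the app's code: a `URLSession` delegate that runs normal trust evaluation and then accepts the server only if its leaf public key matches a pinned hash. The class name, host `api.example.com` and pin values are placeholders, and `SecTrustCopyCertificateChain` assumes iOS 15 or later.

```swift
import Foundation
import Security
import CryptoKit

/// Accepts a TLS server only if system trust evaluation passes AND the
/// leaf certificate's public key hash is in the pinned set.
final class PinningDelegate: NSObject, URLSessionDelegate {
    private let host: String        // the only host this session may talk to
    private let pins: Set<String>   // base64(SHA-256(raw public key bytes))

    init(host: String, pins: Set<String>) {
        self.host = host
        self.pins = pins
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Fail closed: unknown host, failed chain validation or an unreadable key all cancel.
        guard space.host == host,
              let trust = space.serverTrust,
              SecTrustEvaluateWithError(trust, nil),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first,
              let key = SecCertificateCopyKey(leaf),
              let keyBytes = SecKeyCopyExternalRepresentation(key, nil) as Data?
        else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Hash covers the raw key encoding (PKCS#1 for RSA, X9.63 for EC), not the
        // full SPKI structure, so pins must be computed the same way.
        let digest = Data(SHA256.hash(data: keyBytes)).base64EncodedString()
        let ok = pins.contains(digest)
        completionHandler(ok ? .useCredential : .cancelAuthenticationChallenge,
                          ok ? URLCredential(trust: trust) : nil)
    }
}

// Placeholder values: pin the current key plus a backup key held offline for rotation.
let delegate = PinningDelegate(host: "api.example.com",
                               pins: ["<BASE64_SHA256_CURRENT_KEY>", "<BASE64_SHA256_BACKUP_KEY>"])
let session = URLSession(configuration: .ephemeral, delegate: delegate, delegateQueue: nil)
```

To confirm the control in UAT, route the device through an intercepting proxy whose CA is installed as trusted on the device: requests made through this session should fail rather than succeed.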
History
#2 Updated by yap chekying about 2 months ago
- File RE OCBC Business Mobile app Audit Findings - July 2025.msg added
- Status changed from Assigned to Pending UAT
#3 Updated by yap chekying about 2 months ago
- Priority changed from Immediate to Normal
#4 Updated by yap chekying about 2 months ago
- Status changed from Pending UAT to Pending PROD
#5 Updated by yap chekying about 1 month ago
- Status changed from Pending PROD to Closed
Released to production