Bug #22303
[External Audit Findings][iOS] Weak SSL Pinning
Status: | Closed | Start date: | 29 July 2025 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | yap chekying | % Done: | 100% | |
Category: | - | Spent time: | - | |
Target version: | - |
Description
Issue:
During testing on iOS apps, the tester found that the app does not implement SSL Pinning. Without SSL Pinning, attackers can intercept and modify data transmitted between the app and server using invalid certificates, increasing the risk of data tampering.
Recommendation from pentester:
Developers should implement SSL Pinning.
Please refer to attached excel for details.
History
#1 Updated by He Xi Yeo about 1 month ago
- Status changed from New to Assigned
- Assignee changed from He Xi Yeo to yap chekying
- % Done changed from 0 to 100
Added SSL Pinning, which compare server hashed public key compared to app's hashed public key.
#2 Updated by yap chekying about 1 month ago
- File RE OCBC Business Mobile app Audit Findings - July 2025.msg added
- Status changed from Assigned to Pending UAT
#3 Updated by yap chekying about 1 month ago
- Priority changed from Immediate to Normal
#4 Updated by yap chekying about 1 month ago
- Status changed from Pending UAT to Pending PROD
#5 Updated by yap chekying 13 days ago
- Status changed from Pending PROD to Closed
Released to production