During our project's security scan, we received a bug related to Manual Server Trust Authentication Attempts, which can cause a vulnerability in the app by providing a window for a man-in-the-middle attack.
What
The security scan shows the evidence below, which exposes the URL, and it also doesn't seem to perform any kind of trust evaluation after the delegate method:
Kingfisher implements these delegate methods in the image downloader and delegates them out again to allow library users to customize their own logic. By default, as long as you didn't provide your implementation or set the trustedHosts, a .performDefaultHandling and a nil URLCredential are returned, so I don't see an issue in Kingfisher's implementation.
I am not sure what issue you are facing now. If it is a warning from your security scan, then I believe it is a false positive and maybe it is better to ask the security scan support team to see if there is a way to prevent this.
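The default path the reply describes, next to an opt-in path that evaluates the server trust before returning a credential, as an added Swift example that is not Kingfisher's code or part of the original thread. The class name ExampleTrustDelegate and the trustedHosts property on it are hypothetical.

```swift
import Foundation
import Security

// Hypothetical delegate for illustration only; the class name and its
// trustedHosts property are assumptions, not Kingfisher's implementation.
// SecTrustEvaluateWithError requires iOS 12 / macOS 10.14 or later.
final class ExampleTrustDelegate: NSObject, URLSessionDelegate {
    // Hosts the app has opted in to handling itself. nil means "never override".
    var trustedHosts: Set<String>?

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        let space = challenge.protectionSpace

        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let hosts = trustedHosts, hosts.contains(space.host),
              let trust = space.serverTrust else {
            // Default path: no credential is supplied, so the system performs its
            // normal certificate chain and hostname validation.
            completionHandler(.performDefaultHandling, nil)
            return
        }

        // Opt-in path: evaluate the trust object before handing back a credential.
        // Returning .useCredential without this step would accept whatever
        // certificate the server presented.
        let policy = SecPolicyCreateSSL(true, space.host as CFString)
        SecTrustSetPolicies(trust, policy)

        var error: CFError?
        if SecTrustEvaluateWithError(trust, &error) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // Evaluation failed: reject the connection instead of falling through.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```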
Issue Description
Here is the trace:
Other Comment
Can you please let me know how to deal with this?