Uploaded image for project: 'IoTivity'
  1. IoTivity
  2. IOT-1519

Securely zero memory containing secrets after use

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: P1
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Transport
    • Labels:
    • Found in Version/s:
      1.2.0
    • Fixed in Version/s:
      1.2.1
    • Operating System:
      iOS
    • Issue Severity:
      Enhancement
    • Reproducibility:
      Always (100%)

      Description

      PSKs and private keys end up in buffers on the stack and in the heap. Their contents regularly get copied around, and the originals remain in memory. It's good hygiene to clear such secrets as soon as possible to limit the damage of any possible credential harvesting attacks.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            • Assignee:
              kkane Kevin Kane
              Reporter:
              kkane Kevin Kane
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: