Insufficient Notice of Private Key Usage in Keybase App 2.13.2 for iOS

Insufficient Notice of Private Key Usage in Keybase App 2.13.2 for iOS

CVE-2019-16992 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation.

Learn more about our Cis Benchmark Audit For Apple Ios.