Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The script accepts the backup password either from a positional command-line argument or an environment variable, and then passes it to `mvt-ios decrypt-backup -p`. Supplying secrets on the command line is risky because they can be exposed through shell history, process listings, logging, crash reports, or other local monitoring tools. In this forensic context, the password protects a sensitive iPhone backup, so disclosure could enable unauthorized access to the decrypted contents.
