CX Security_Misconfiguration @ app/routes/profile.js [master]

Custodela / NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

https://www.owasp.org/index.php/Projects/OWASP_Node_js_Goat_Project

Apache License 2.0

0 stars 0 forks source link

CX Security_Misconfiguration @ app/routes/profile.js [master] #8

Open kmcdon83 opened 6 years ago

kmcdon83 commented 6 years ago

Security_Misconfiguration issue exists @ app/routes/profile.js in branch master

The application takes sensitive, personal data ssn, found at line 20 of app\routes\profile.js, and stores it in an unprotected manner, without encryption, to anony1714282621var at line 42 of app\data\profile-dao.js.

Severity: High CWE:933 Vulnerability details and guidance Internal Guidance Lines: 24 25

Code (Line #24):

        var ssn = req.body.ssn;

Code (Line #25):

        var dob = req.body.dob;

kmcdon83 commented 6 years ago

Issue still exists.

kmcdon83 commented 6 years ago

Issue still exists.