Custodela / dvna-shard-test

Damn Vulnerable NodeJS Application
MIT License

CX Client_Weak_Cryptographic_Hash @ core/authhandler.js [master] #12

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Client_Weak_Cryptographic_Hash issue exists @ core/authhandler.js in branch master

The application employs weak hashing in md5 at core\authhandler.js in line 47.

Severity: Low

CWE:310

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 49 78


Code (Line #49):

                if (req.query.token == md5(req.query.login)) {

Code (Line #78):

                    if (req.body.token == md5(req.body.login)) {

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 2 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)