Custodela / dvna-shard-test

Damn Vulnerable NodeJS Application
MIT License

CX Security_Misconfiguration @ server.js [master] #3

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Security_Misconfiguration issue exists @ server.js in branch master

The application takes sensitive, personal data "keyboard cat", found at line 25 of server.js, and stores it in an unprotected manner, without encryption, to session at line 24 of server.js.

Severity: High

CWE: 933

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 25


Code (Line #25):

  secret: 'keyboard cat',

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)
