DhavalPatelPersistent / JavaVulnerableLabTest


CX Session_Fixation @ src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java [refs/heads/master] #4

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Session_Fixation issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java in branch refs/heads/master

Method processRequest at line 55 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java performs user authentication without terminating existing sessions. This may enable Session Fixation.

Severity: Medium

CWE:384

Vulnerability details and guidance: Checkmarx Training, Recommended Fix

Lines: 55 56 57 58

Code (Lines #55-58):

    session.setAttribute("isLoggedIn", "1");
    session.setAttribute("userid", rs.getString("id"));
    session.setAttribute("user", rs.getString("username"));
    session.setAttribute("avatar", rs.getString("avatar"));
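The finding above is about ordering: the four setAttribute calls store authenticated state into whatever HttpSession the request arrived with. If an attacker was able to plant a known JSESSIONID in the victim's browser before login, that pre-authentication session becomes the authenticated one and the attacker already holds its ID. The example below is added here for illustration and is not code from the JavaVulnerableLab project or from the Checkmarx report; the class and method names are invented, `rs` is assumed to be the ResultSet of the successful login query (the query itself is not shown on this page), and the `changeSessionId()` variant assumes the Servlet 3.1 API or later.

```java
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example, not the project's own code. Shows the pattern the scanner
// flags (CWE-384) next to two hardened versions of the same login step.
public class SessionFixationExample {

    // Vulnerable: reuses the session the client arrived with. Any JSESSIONID the
    // attacker managed to fix in the victim's browser before login is now the
    // identifier of an authenticated session.
    public static HttpSession vulnerableLogin(HttpServletRequest request, ResultSet rs)
            throws SQLException {
        HttpSession session = request.getSession();
        session.setAttribute("isLoggedIn", "1");
        session.setAttribute("userid", rs.getString("id"));
        session.setAttribute("user", rs.getString("username"));
        session.setAttribute("avatar", rs.getString("avatar"));
        return session;
    }

    // Hardened (any servlet version): terminate the pre-authentication session
    // and create a fresh one before storing any authenticated state. The new
    // session has a new ID and an empty attribute map.
    public static HttpSession hardenedLogin(HttpServletRequest request, ResultSet rs)
            throws SQLException {
        HttpSession old = request.getSession(false); // do not create one just to kill it
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("isLoggedIn", "1");
        session.setAttribute("userid", rs.getString("id"));
        session.setAttribute("user", rs.getString("username"));
        session.setAttribute("avatar", rs.getString("avatar"));
        return session;
    }

    // Hardened (Servlet 3.1+): rotate the session ID but keep pre-login
    // attributes (for example a shopping cart or a CSRF token) that should
    // survive authentication. changeSessionId() returns the new ID.
    public static HttpSession hardenedLoginKeepingState(HttpServletRequest request, ResultSet rs)
            throws SQLException {
        HttpSession session = request.getSession(true);
        String newId = request.changeSessionId();
        assert !newId.equals(session.getId()) || true; // container updates session.getId() to newId
        session.setAttribute("isLoggedIn", "1");
        session.setAttribute("userid", rs.getString("id"));
        session.setAttribute("user", rs.getString("username"));
        session.setAttribute("avatar", rs.getString("avatar"));
        return session;
    }
}
```

To confirm the fix from the outside, send the login request with a JSESSIONID cookie you chose yourself and check that the response carries a Set-Cookie header with a different JSESSIONID; with the vulnerable ordering the server keeps your pre-chosen ID and sets no new cookie. Either hardened variant should also be paired with invalidating the session on logout, which is a separate concern from the fixation finding reported here.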

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.