cx-demo / bodgeit

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.

CX Hardcoded_password_in_Connection_String @ root/dbconnection.jspf [develop] #100

Open cx-demo opened 4 years ago

cx-demo commented 4 years ago

Hardcoded_password_in_Connection_String issue exists @ root/dbconnection.jspf in branch develop

The application contains hardcoded connection details, """", at line 5 of root\dbconnection.jspf. This connection string contains a hardcoded password, which is used in jspInit at line 5 of root\dbconnection.jspf to connect to a database server with getConnection. This can expose the database password, and impede proper password management.

Severity: Medium

CWE:547

Checkmarx

Lines: 10

Code (Line #10):

            conn = DriverManager.getConnection("jdbc:hsqldb:mem:SQL", "sa", "");
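The flagged call passes the HSQLDB default account `sa` with an empty password as string literals, so the credential ships with the source and cannot be rotated without a rebuild. The class below is an added example of a hardened replacement for that `jspInit` setup; it is not BodgeIt's own code. It first tries a container-managed `DataSource` (the JNDI name `java:comp/env/jdbc/bodgeit` is an assumption and must match the server's resource definition) and otherwise reads `DB_URL`, `DB_USER` and `DB_PASSWORD` from the environment (names also assumed), failing closed if any is missing instead of falling back to a built-in default.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

// Added example (not BodgeIt code): keeps database credentials out of the
// .jspf source. In jspInit() the flagged line would become:
//     conn = DbConnectionFactory.open();
public final class DbConnectionFactory {

    // Assumed JNDI resource name; define it in the container (e.g. Tomcat
    // context.xml), where the password lives outside the deployed webapp.
    static final String JNDI_NAME = "java:comp/env/jdbc/bodgeit";

    private DbConnectionFactory() {}

    public static Connection open() throws SQLException {
        // Preferred path: the container owns the pool and the credentials.
        try {
            DataSource ds = (DataSource) new InitialContext().lookup(JNDI_NAME);
            return ds.getConnection();
        } catch (NamingException e) {
            // No resource bound for this deployment; fall through to the
            // environment-supplied settings below.
        }

        // Fallback path: settings injected at deploy time. Every value is
        // required, so a missing DB_PASSWORD aborts startup rather than
        // silently connecting as "sa" with an empty password.
        String url = required("DB_URL");           // e.g. jdbc:hsqldb:mem:SQL
        String user = required("DB_USER");
        String password = required("DB_PASSWORD");
        return DriverManager.getConnection(url, user, password);
    }

    // Reads one mandatory setting from the environment (names are assumptions).
    static String required(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing required setting: " + name);
        }
        return value;
    }
}
```

With this in place the scanner no longer sees a literal password argument to `getConnection`; the remaining work is operational (define the JNDI resource or inject the variables at deploy time, and rotate the `sa` credential that was already committed to the repository history).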

cx-demo commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

cx-demo commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)