cx-demo / bodgeit

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.

CX Heap_Inspection @ root/init.jsp [develop] #89

Open cx-demo opened 4 years ago

cx-demo commented 4 years ago

Heap_Inspection issue exists @ root/init.jsp in branch develop

Method + at line 8 of root\init.jsp defines passwordSize, which is designated to contain user passwords. However, while plaintext passwords are later assigned to passwordSize, this variable is never cleared from memory.

Severity: Medium

CWE: 244

Checkmarx

Lines: 8


Code (Line #8):

        int passwordSize = 5 + (int)(Math.random() * 10);

cx-demo commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

cx-demo commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)