cx-justin-ruth / CxFlowGithub

0 stars 0 forks source link

CX Hardcoded_password_in_Connection_String @ root/password.jsp [master] #20

Open cx-justin-ruth opened 2 years ago

cx-justin-ruth commented 2 years ago

Hardcoded_password_in_Connection_String issue exists @ root/password.jsp in branch master

The application contains hardcoded connection details, """", at line 10 of root\password.jsp. This connection string contains a hardcoded password, which is used in = at line 10 of root\password.jsp to connect to a database server with getConnection. This can expose the database password, and impede proper password management.

Severity: Medium

CWE:547

Vulnerability details and guidance

Checkmarx

Lines: 10


Code (Line #10):

String password1 = (String) request.getParameter("password1");