CX Information_Exposure_Through_an_Error_Message @ App_Code/DB/MySqlDbProvider.cs [master]

[jbruinaud]

Information_Exposure_Through_an_Error_Message issue exists @ App_Code/DB/MySqlDbProvider.cs in branch master

Method CustomCustomerLogin, at line 146 of App_Code\DB\MySqlDbProvider.cs, handles an Exception or runtime Error ex. During the exception handling code, the application exposes the exception details to Error, in method CustomCustomerLogin of App_Code\DB\MySqlDbProvider.cs, line 146.

Severity: Low

CWE:209

Checkmarx

Lines: 288 289 372 551 552 184 313 314 235 189

---

Code (Line #288):

                log.Error("Error adding comment", ex);

---

Code (Line #289):

                output = ex.Message;

---

Code (Line #372):

                result = ex.Message;

---

Code (Line #551):

                log.Error("Error getting email by customer number", ex);

---

Code (Line #552):

                output = ex.Message;

---

Code (Line #184):

                log.Error("Error with custom customer login", ex);

---

Code (Line #313):

                log.Error("Error updating customer password", ex);

---

Code (Line #314):

                output = ex.Message;

---

Code (Line #235):

                log.Error("Error getting customer details", ex);

---

Code (Line #189):

                log.Error("Error with custom customer login", ex);

---

[jbruinaud]

Issue still exists.

SUMMARY

Issue has total 10 vulnerabilities left to be fix (Please scroll to the top for more information)