jbruinaud / WebGoatNet

WebGoat .Net for demos

CX Heap_Inspection @ WebGoatCoins/ForgotPassword.aspx.cs [master] #144

Open jbruinaud opened 4 years ago

jbruinaud commented 4 years ago

Heap_Inspection issue exists @ WebGoatCoins/ForgotPassword.aspx.cs in branch master

Method getPassword at line 94 of WebGoatCoins\ForgotPassword.aspx.cs defines password, which is designated to contain user passwords. However, while plaintext passwords are later assigned to password, this variable is never cleared from memory. 

Severity: Medium

CWE:244

Checkmarx

Lines: 96 70
Code (Line #96):

            string password = du.GetPasswordByEmail(email);

Code (Line #70):

                string encrypted_password = Request.Cookies["encr_sec_qu_ans"].Value.ToString();

jbruinaud commented 4 years ago

Issue still exists.

SUMMARY

Issue has a total of 2 vulnerabilities left to be fixed (please scroll to the top for more information)