jbruinaud / WebGoatNet

WebGoat .Net for demos

CX Log_Forging @ Content/MessageDigest.aspx.cs [master] #167

Open jbruinaud opened 4 years ago

jbruinaud commented 4 years ago

Log_Forging issue exists @ Content/MessageDigest.aspx.cs in branch master

Method btnDigest_Click at line 21 of Content\MessageDigest.aspx.cs gets user input from element Text. This element’s value flows through the code without being properly sanitized or validated, and is eventually used in writing an audit log in GenerateWeakDigest at line 14 of App_Code\WeakMessageDigest.cs. This may enable Log Forging.

Severity: Low

CWE:117

Checkmarx

Lines: 23 25

Code (Line #23):

            string result = WeakMessageDigest.GenerateWeakDigest(txtBoxMsg.Text);

Code (Line #25):

            log.Info(string.Format("Result for {0} is: {1}", txtBoxMsg.Text, result));