jbruinaud / WebGoatNet

WebGoat .Net for demos

CX Heap_Inspection @ ChangePassword.aspx [master] #78

Open jbruinaud opened 4 years ago

jbruinaud commented 4 years ago

Heap_Inspection issue exists @ ChangePassword.aspx in branch master

Method /> at line 12 of ChangePassword.aspx defines CurrentPassword, which is designated to contain user passwords. However, while plaintext passwords are later assigned to CurrentPassword, this variable is never cleared from memory. 

Severity: Medium

CWE:244

Checkmarx

Lines: 18 12 15


Code (Line #18):

Confirmation:&nbsp; <asp:TextBox ID="ConfirmNewPassword" runat="server" TextMode="Password" />

Code (Line #12):

Old Password:&nbsp; <asp:TextBox ID="CurrentPassword" runat="server" TextMode="Password" />

Code (Line #15):

New Password:&nbsp; <asp:TextBox ID="NewPassword" runat="server" TextMode="Password" />

jbruinaud commented 4 years ago

Issue still exists.

SUMMARY

Issue has a total of 3 vulnerabilities left to be fixed (Please scroll to the top for more information)