login.html
line 66
Storing sensitive information (like passwords) in localStorage.
Storing sensitive information like passwords in localStorage poses a significant security risk. localStorage is accessible via JavaScript running in the context of the web page, which makes it vulnerable to various types of attacks, including Cross-Site Scripting (XSS) attacks.
If an attacker can inject malicious scripts into the web page, they can easily access localStorage and retrieve sensitive information, leading to potential account compromise and data breaches.
Data stored in localStorage persists even after the browser is closed and reopened. This increases the risk of unauthorized access if the device is shared or if it falls into the wrong hands.
localStorage does not provide built-in encryption. Sensitive data stored in it remains in plain text, which can be easily read if accessed.
Screen Shot of the Vulnerable Code
Impact of the vulnerability
5/5
Recommended Steps to resolve it?
Avoid storing sensitive information such as passwords in localStorage. Instead, use secure, HTTP-only cookies to store session tokens.
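One way to apply this recommendation on the server side, as an added example that is not code from the audited site: a Node.js login handler that checks the password and returns only an opaque session token in a Secure, HttpOnly cookie, so login.html has nothing to write to localStorage. The account, the cookie name and the function names are assumptions made for the illustration.

```javascript
// Added example, Node.js standard library only; all names are hypothetical.
const crypto = require('node:crypto');

// Constructed sample account. A real application reads a per-user salt and
// password hash from its user store instead of this in-memory map.
const SALT = crypto.randomBytes(16);
const USERS = new Map([['alice', crypto.scryptSync('correct horse', SALT, 32)]]);
const SESSIONS = new Map(); // token -> { user, expires }
const MAX_AGE_SECONDS = 1800;

function verifyPassword(user, password) {
  const stored = USERS.get(user);
  if (!stored) return false;
  const candidate = crypto.scryptSync(String(password), SALT, 32);
  return crypto.timingSafeEqual(stored, candidate);
}

// Returns the status and headers the login endpoint would send.
function login(user, password) {
  if (!verifyPassword(user, password)) return { status: 401, headers: {} };
  // The browser receives a random token, never the password itself.
  const token = crypto.randomBytes(32).toString('base64url');
  SESSIONS.set(token, { user, expires: Date.now() + MAX_AGE_SECONDS * 1000 });
  const cookie = [
    `__Host-session=${token}`,
    'Path=/',
    `Max-Age=${MAX_AGE_SECONDS}`, // bounded lifetime, unlike localStorage
    'Secure',                     // sent over HTTPS only
    'HttpOnly',                   // not readable through document.cookie
    'SameSite=Strict',            // not attached to cross-site requests
  ].join('; ');
  return { status: 204, headers: { 'Set-Cookie': cookie } };
}

// Resolves the Cookie request header to a user name, or null.
function currentUser(cookieHeader) {
  const match = /(?:^|;\s*)__Host-session=([^;]+)/.exec(cookieHeader || '');
  const session = match && SESSIONS.get(match[1]);
  if (!session || session.expires < Date.now()) return null;
  return session.user;
}
```

The page then submits the form and relies on the cookie the browser attaches to later requests; no localStorage.setItem call for the password or the token remains in login.html.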
School Name
BLUE BELLS MODEL SCHOOL