jiveshkalra / SecureHack-Quest-TechBuzz


Storing sensitive information in localStorage #29

Open starkgazer1729 opened 1 month ago

starkgazer1729 commented 1 month ago

Description of the Vulnerability

login.html, line 66: storing sensitive information (like passwords) in localStorage.

Storing sensitive information like passwords in localStorage poses a significant security risk. localStorage is accessible via JavaScript running in the context of the web page, which makes it vulnerable to various types of attacks, including Cross-Site Scripting (XSS) attacks. If an attacker can inject malicious scripts into the web page, they can easily access localStorage and retrieve sensitive information, leading to potential account compromise and data breaches.

Data stored in localStorage persists even after the browser is closed and reopened. This increases the risk of unauthorized access if the device is shared or if it falls into the wrong hands.

localStorage does not provide built-in encryption. Sensitive data stored in it remains in plain text, which can be easily read if accessed.

Screen Shot of the Vulnerable Code

Impact of the vulnerability

5/5

Recommended Steps to resolve it?

Avoid storing sensitive information such as passwords in localStorage. Instead, use secure, HTTP-only cookies to store session tokens.

School Name

BLUE BELLS MODEL SCHOOL
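
An added example of the recommended fix, not code from this repository: a framework-free Node.js sketch in which the server keeps session state and the browser holds only an opaque token in an `HttpOnly` cookie, which page scripts cannot read through `document.cookie`. The cookie name `sid`, the 30-minute lifetime, the in-memory `Map`, and all function names are assumptions made for illustration.

```javascript
// Added example: server-side sessions with an HttpOnly cookie (names are hypothetical).
const { randomBytes } = require('node:crypto');

const SESSION_COOKIE = 'sid';          // assumed cookie name
const SESSION_TTL_SECONDS = 30 * 60;   // assumed 30-minute lifetime
const sessions = new Map();            // token -> { user, expires }; in-memory for the demo only

const cookieAttrs = 'Path=/; HttpOnly; Secure; SameSite=Strict';

// Call only after the server has verified the submitted credentials.
// Returns the Set-Cookie header value; the password never goes back to the client.
function startSession(user, now = Date.now()) {
  const token = randomBytes(32).toString('hex'); // 256 bits from the CSPRNG, opaque to the client
  sessions.set(token, { user, expires: now + SESSION_TTL_SECONDS * 1000 });
  return `${SESSION_COOKIE}=${token}; Max-Age=${SESSION_TTL_SECONDS}; ${cookieAttrs}`;
}

// Extract one cookie value from a request's Cookie header (null if absent).
function readCookie(cookieHeader, name) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Resolve the logged-in user for a request, or null if the session is unknown or expired.
function currentUser(cookieHeader, now = Date.now()) {
  const token = readCookie(cookieHeader, SESSION_COOKIE);
  const session = token ? sessions.get(token) : undefined;
  if (!session) return null;
  if (session.expires <= now) { sessions.delete(token); return null; }
  return session.user;
}

// Logout: drop the server-side state and tell the browser to expire the cookie.
function endSession(cookieHeader) {
  const token = readCookie(cookieHeader, SESSION_COOKIE);
  if (token) sessions.delete(token);
  return `${SESSION_COOKIE}=; Max-Age=0; ${cookieAttrs}`;
}
```

Because the token is only a lookup key, deleting its entry on the server ends the session even if a copy of the cookie still exists somewhere.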

jiveshkalra commented 1 month ago

Please provide a proper description.

starkgazer1729 commented 1 month ago

Updated with description.