jshttp / basic-auth

Generic basic auth Authorization header field parser
MIT License
703 stars 86 forks

Security Vulnerability picked up by Fortify Scan (basic-auth) #47

Closed nekyouto closed 3 years ago

nekyouto commented 3 years ago

Good Afternoon basic-auth team,

We were performing a scan on the basic-auth JavaScript library and the Fortify application has picked up the following items that are discovered as vulnerabilities. (Reason being our project has imported this library as a dependency and part of our deliverable would require the scanning of the full source code and identifying/removing the vulnerabilities.)

(Low) Password Management: Password in Comment
No. of items picked by the Fortify Scan: 1

Kindly refer to the following image: scanImage1.png

Do give us a heads up on when the team is planning to fix these vulnerabilities and/or the possible workarounds to prevent the same items from being picked up by the Fortify Scans again.

dougwilson commented 3 years ago

Based on your photo, it looks like your security software is confused about the jsdoc (the documentation). It looks like it is a false detection you may need to let your security vendor know about.