jvlstuff / JavaVulnerableLab

lab
GNU General Public License v2.0

CX Plaintext_Storage_of_a_Password @ src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java [refs/heads/master] #189

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Plaintext_Storage_of_a_Password issue exists @ src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java in branch refs/heads/master

The password 26 did not use a secure scheme to store the password - this may allow attackers to retrieve it, and use it to access authenticated resources.

Severity: Medium

CWE:256

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 26


Code (Line #26):

        properties.load(new FileInputStream(path));

github-actions[bot] commented 2 years ago

Issue still exists.