CX Insecure_Storage_of_Sensitive_Data @ config/db.js [master]

rudy-marquez / dvna

Damn Vulnerable NodeJS Application

MIT License

0 stars 0 forks source link

CX Insecure_Storage_of_Sensitive_Data @ config/db.js [master] #72

Open rudy-marquez opened 2 years ago

rudy-marquez commented 2 years ago

Insecure_Storage_of_Sensitive_Data issue exists @ config/db.js in branch master

The application takes sensitive, personal data MYSQL_PASSWORD, found at line 3 of config\db.js, and stores it in an unprotected manner, without encryption, to sync at line 28 of models\index.js.

Severity: High

CWE:933

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 3

Code (Line #3):

  password: process.env.MYSQL_PASSWORD,

rudy-marquez commented 2 years ago

Issue still exists.

rudy-marquez commented 2 years ago

Issue still exists.

rudy-marquez commented 2 years ago

Issue still exists.

rudy-marquez commented 2 years ago

Issue still exists.

rudy-marquez commented 2 years ago

Issue still exists.