rudy-marquez / dvna

Damn Vulnerable NodeJS Application
MIT License

CX Insecure_Storage_of_Sensitive_Data @ core/passport.js [master] #76

Open rudy-marquez opened 2 years ago

rudy-marquez commented 2 years ago

Insecure_Storage_of_Sensitive_Data issue exists @ core/passport.js in branch master

The application takes sensitive, personal data (password), found at line 67 of core\passport.js, and stores it in an unprotected manner, without encryption, to create, at line 65 of core\passport.js.

Severity: High

CWE: 933

Lines: 67


Code (Line #67):

                                    password: createHash(password),

rudy-marquez commented 2 years ago

Issue still exists.

rudy-marquez commented 2 years ago

Issue still exists.

rudy-marquez commented 2 years ago

Issue still exists.

rudy-marquez commented 2 years ago

Issue still exists.

rudy-marquez commented 2 years ago

Issue still exists.