santhoshr06 / CxFlowDemo

GNU General Public License v2.0

CX Side_Channel_Data_Leakage @ src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java [master] #78

Open santhoshr06 opened 3 years ago

santhoshr06 commented 3 years ago

Side_Channel_Data_Leakage issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java in branch master

Method processRequest at line 44 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java gets private data from element pass. This element’s value flows through the code and is sent or written outside of the device or to external media or to a log file in processRequest at line 66 of src\main\java\org\cysecurity\cspf\jvl\controller\LoginValidator.java. This constitutes Side Channel Data Leakage.

Severity: High

CWE:359

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: 44


Code (Line #44):

          String pass=request.getParameter("password").trim();

santhoshr06 commented 3 years ago

Issue still exists.

santhoshr06 commented 3 years ago

Issue still exists.