Vulnerability issue on Empty passwords - Fortify Priority: High

sockjs / sockjs-client

WebSocket emulation - Javascript client

MIT License

8.45k stars 1.3k forks source link

Open francescaProject opened 9 months ago

francescaProject commented 9 months ago

Empty passwords may compromise system security in a way that cannot be easily remedied. Line 5016 on sockjs.js url.username = url.password = '';

RaviGprec commented 8 months ago

Even our project also got high vulnerability reported against empty password in sockjs.min.js. @francescaProject - Have you got any fix for this?

francescaProject commented 8 months ago

Even our project also got high vulnerability reported against empty password in sockjs.min.js. @francescaProject - Have you got any fix for this?

unfortunately not