Closed VashuC closed 11 months ago
Summary
Password seems to be hard coded and would be visible. Code would need to either scramble it or encrypt any password sent out to the auth service.
Details
/workspaces/codetocloud-workshop/src/main/java/org/owasp/webgoat/container/users/UserForm.java: Code looks to have the password in plain text.
PoC
Cookies would have text visible as plain text.
Impact
Any new user and existing user signing in.
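As an added example (not code from the WebGoat project or from this report), one way to keep a submitted password out of the retained form object: derive a salted PBKDF2 hash at registration and store only the salt and hash, which also avoids the key-management burden that "scramble or encrypt" would create, since a hash needs no decryption key. The class name, field names and iteration count are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical replacement for a form-backed user record: the plaintext
// password is consumed once and scrubbed; only salt and derived hash remain.
public final class HashedUserForm {
    private static final int ITERATIONS = 310_000; // assumed work factor for PBKDF2-HMAC-SHA256
    private static final int SALT_BYTES = 16;
    private static final int KEY_BITS = 256;

    private final String username;
    private final byte[] salt;
    private final byte[] hash;

    private HashedUserForm(String username, byte[] salt, byte[] hash) {
        this.username = username;
        this.salt = salt;
        this.hash = hash;
    }

    // Called with the char[] from the submitted form; never keep it as a String field.
    public static HashedUserForm fromSubmission(String username, char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);   // fresh per-user salt
        byte[] hash = derive(password, salt);
        Arrays.fill(password, '\0');          // scrub the secret from memory
        return new HashedUserForm(username, salt, hash);
    }

    // Login check: recompute with the stored salt and compare in constant time.
    public boolean verify(char[] candidate) throws Exception {
        byte[] attempt = derive(candidate, salt);
        Arrays.fill(candidate, '\0');
        return MessageDigest.isEqual(hash, attempt);
    }

    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // What may safely be persisted or logged: no reversible form of the password.
    public String storedRecord() {
        Base64.Encoder b64 = Base64.getEncoder();
        return username + ":" + ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(hash);
    }
}
```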