CX Security_Misconfiguration @ server.js [master] #10
Description
Security_Misconfiguration issue exists @ server.js in branch master
The application takes sensitive, personal data cookieSecret, found at line 80 of server.js, and stores it in an unprotected manner, without encryption, to session at line 31 of server.js.
Severity: High
CWE:933
Vulnerability details and guidance
Internal Guidance
Lines: 84
secret: config.cookieSecret,
Metadata
Metadata
Assignees
Labels
No labels