CX Security_Misconfiguration @ app/routes/session.js [master] #7
Description
Security_Misconfiguration issue exists @ app/routes/session.js in branch master
The application takes sensitive, personal data password, found at line 189 of app\routes\session.js, and stores it in an unprotected manner, without encryption, to anony140326909var at line 117 of app\data\user-dao.js.
Severity: High
CWE:933
Vulnerability details and guidance
Internal Guidance
Lines: 195
var password = req.body.password;