Heap_Inspection @ /LoginValidator.java #280

@cx-boris-goman

Checkmarx (SAST): Heap_Inspection
Security Issue: Read More about Heap_Inspection
Checkmarx Project: cx-boris-goman/borJavaVul
Repository URL: https://github.com/cx-boris-goman/borJavaVul
Branch: main
Scan ID: df63710a-c9c2-4406-9ad7-319bd05458a4


Method processRequest at line 10 of /LoginValidator.java defines pass, which is designated to contain user passwords. However, while plaintext passwords are later assigned to pass, this variable is never cleared from memory.

Result 1:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. pass: /LoginValidator.java[10,18]
    Review result in Checkmarx One: Heap_Inspection

Result 2:
Severity: LOW
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. password: /LoginValidator.java[30,47]
    Review result in Checkmarx One: Heap_Inspection
