[A7] - Identity and Authentication Failures - Python - Saidajaula Monster Fit - Solution

Open henriporto opened this issue 3 years ago • 2 comments

This solution refers to which of the apps?

A7 - Identity and Authentication Failures - Python - Saidajaula Monster Fit

What did you do to mitigate the vulnerability?

Implemented Flask-Session extension with Redis.

Did you test your changes? What commands did you run?

Yes, following the attack narrative.

(Screenshot attached: "Captura de Tela 2022-05-09 às 17 57 09", i.e. taken 2022-05-09 at 17:57:09)

henriporto, Apr 12 '22 02:04

This pull request introduces 2 alerts and fixes 3 when merging f2cffdf93c7a704ba7f07077439cd5f208debf33 into cc819e2879e8a08e7574bb94fde342e913e4fb7f - view on LGTM.com

new alerts:

  • 1 for Testing equality to None
  • 1 for Information exposure through an exception

fixed alerts:

  • 1 for Unused import
  • 1 for Use of a broken or weak cryptographic hashing algorithm on sensitive data
  • 1 for Clear-text storage of sensitive information

lgtm-com[bot], Apr 12 '22 02:04

This pull request introduces 2 alerts and fixes 3 when merging 19b8d7eacb000a48893d4e4adee91fd1ff3df37a into 6e036c0860098d7b705ef56eb3a944e94471ef77 - view on LGTM.com

new alerts:

  • 1 for Testing equality to None
  • 1 for Information exposure through an exception

fixed alerts:

  • 1 for Unused import
  • 1 for Use of a broken or weak cryptographic hashing algorithm on sensitive data
  • 1 for Clear-text storage of sensitive information

lgtm-com[bot], May 09 '22 21:05
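The mitigation named earlier in the thread (server-side sessions through Flask-Session backed by Redis) and the alert classes LGTM reports on both pushes (a weak hash on sensitive data, clear-text storage of a secret, `== None` comparisons, exception text reaching the client) are easier to see in code than in a bullet list. What follows is an added example written for this page; it is not code from the secDevLabs PR or from the Saidajaula Monster Fit app. It uses only the Python standard library so it runs offline. Assumptions: an in-memory `MemoryStore` stands in for Redis and mimics the redis-py `setex`/`get`/`delete` call shapes; Flask-Session itself is not imported because it needs a running Flask app and a Redis server; the session TTL, scrypt parameters, user-record layout and function names are illustrative choices, not the app's.

```python
"""Server-side sessions and hardened credential storage: an added, stand-alone
illustration, not code from the secDevLabs PR. Redis is stood in by an
in-memory store that mimics the redis-py calls used (setex/get/delete) so the
module runs offline; Flask-Session does the equivalent bookkeeping for you."""
import hashlib
import hmac
import logging
import os
import secrets
import time

log = logging.getLogger("auth")

SESSION_TTL = 1800   # seconds (assumed value; tune per application)
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)   # about 16 MiB per hash


class MemoryStore:
    """Minimal stand-in for redis.Redis: keys expire, nothing persists."""

    def __init__(self):
        self._data = {}   # key -> (value, expires_at)

    def setex(self, name, time_s, value):
        self._data[name] = (value, time.time() + time_s)

    def get(self, name):
        item = self._data.get(name)
        if item is None:
            return None
        value, expires_at = item
        if time.time() >= expires_at:      # lazy expiry, like a Redis TTL
            del self._data[name]
            return None
        return value

    def delete(self, *names):
        return sum(1 for n in names if self._data.pop(n, None) is not None)


# --- credentials: salted scrypt instead of a bare MD5/SHA-1 digest ---------

def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def hash_password(password: str) -> str:
    salt = os.urandom(16)
    return "scrypt$%s$%s" % (salt.hex(), _scrypt(password, salt).hex())


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, salt_hex, digest_hex = stored.split("$")
    except ValueError:               # malformed record is never a match
        return False
    if algo != "scrypt":
        return False
    expected = bytes.fromhex(digest_hex)
    # constant-time comparison: no early exit on the first differing byte
    return hmac.compare_digest(_scrypt(password, bytes.fromhex(salt_hex)), expected)


# --- sessions: the browser holds only an opaque random id -----------------

class SessionManager:
    def __init__(self, store, ttl=SESSION_TTL):
        self.store = store
        self.ttl = ttl

    def login(self, users: dict, username: str, password: str):
        """Return a fresh session id on success, None on bad credentials."""
        record = users.get(username)
        if record is None:           # `is None`, not `== None` (the LGTM alert)
            _scrypt(password, b"\x00" * 16)   # burn the same time as a real check
            return None
        if not verify_password(password, record["password_hash"]):
            return None
        sid = secrets.token_urlsafe(32)        # 256 bits; new id on every login
        self.store.setex("session:" + sid, self.ttl, username)
        return sid

    def current_user(self, sid):
        if sid is None:
            return None
        return self.store.get("session:" + sid)

    def logout(self, sid):
        # server-side revocation: a stolen cookie stops working immediately
        return self.store.delete("session:" + sid) == 1


def login_endpoint(sm: SessionManager, users: dict, form: dict):
    """View-shaped wrapper returning (status, body); internals never reach the client."""
    try:
        sid = sm.login(users, form["username"], form["password"])
    except Exception:
        log.exception("login raised")             # full traceback stays in server logs
        return 500, {"error": "internal error"}   # not str(exc): no information exposure
    if sid is None:
        return 401, {"error": "invalid credentials"}
    return 200, {"session_id": sid}
```

Swapping `MemoryStore()` for `redis.Redis()` keeps the call shapes. With Flask-Session, `SESSION_TYPE = "redis"` plus a `SESSION_REDIS` client do this bookkeeping behind `flask.session`, but the properties that matter for A7 are the ones visible here: the cookie carries only a random identifier, the server can revoke it, and a new identifier is minted on every login.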

Hey @henriporto, our lgtm bot got one more issue in your PR, can you fix that too?

fguisso, Nov 09 '22 14:11

> Hey @henriporto, our lgtm bot got one more issue in your PR, can you fix that too?

Done. Thanks!

henriporto, Nov 19 '22 22:11

You rock @henriporto !!! 🚀

fguisso, Nov 21 '22 16:11