tianjk99

Results 11 issues of tianjk99

Please check if there is any problem with the hard-coded key. 1. backstage/adminGroup/src/utils/crypto.js, line 12. Using fixed keys may reduce encryption security because an attacker can guess or predict them. To...

Please check if there is a security issue. 1. server/server.js, line 40. Setting "httpOnly" to false may be due to specific design needs or use cases. In some cases, applications...

Please check if there is any problem with using a fixed password. 1. f2etest-web\control\statteam.js, line 119. The presence of a hardcoded password in the HMAC implementation introduces vulnerabilities that can compromise...

The code snippet in the file "mock_backend/index.js" includes a login endpoint ("/api/v2/auth/login") that sets a fixed session identifier (SID) in a cookie. This fixed value of "8c212779b4abde7A" may raise security...

feature request

Please check if there is any problem with using weak cryptographic algorithms. The current implementation in the code utilizes the MD5 and SHA1 hash algorithms, which are considered weak and...

Some code snippets in the project use outdated encryption algorithms and fixed initialization vectors, which may lead to security vulnerabilities. It is recommended to improve the security and data integrity...

A security issue was found in your project. I hope you will check whether this approach poses security risks. 1. src/common/util/getRPCEndpoint.js, line 6. The current implementation in getRPCEndpoint.js disables certificate...

Please check if there is any problem. The code in the file "user.js" at the path "innovate-digital-bank/portal/routes" includes a logout endpoint ("/endpoints/logout") that stores the session identifier (sid) in a...

Please check if there is an issue with signing using RSASSA-PKCS1-v1_5 padding mode. 1. src/util/ws.js, line 31 2. src/util/ws.js, line 290 3. src/util/ws.js, line 304 It's important to note that...

The function initCookie sets "httpOnly" to false, allowing client-side JavaScript to access cookies that may contain sensitive data. This introduces potential security risks and vulnerabilities. `res.cookie("sid", sid, { expires :...