CX Insufficiently_Protected_Credentials @ Models/User.cs [Merge_Branch]

Insufficiently_Protected_Credentials issue exists @ Models/User.cs in branch Merge_Branch

Method authorizeCreateAccessToken at line 86 of Models\User.cs gets a user password from the FirstOrDefault element. This element’s value then flows through the code without being encrypted and is written to the database in } at line 29 of Models\User.cs. This may enable passwords to be stolen by an attacker.

Severity: Low

CWE:522

Checkmarx

Training Recommended Fix

Lines: 86

Code (Line #86):

            FirstOrDefault();

Edited Feb 05, 2021 by Gabriel Prevelate