Technical information leak - Credentials
Description
When the login page is accessed, a request is triggered whose response includes an unminified, non-obfuscated script in which the BotChat Direct Line Secret Key can be read in plain text.
Impact
Obtain the direct line secret key and connect directly to the application bot.
Recommendation
- Minify and obfuscate binaries.
- Use a vault service or environment variables to protect sensitive information.
Threat
Anonymous attacker consults the login page.
Expected Remediation Time
⌚ 60 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the vulnerability.
Base
- Attack vector: N
- Attack complexity: L
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: L
- Integrity: N
- Availability: N
Temporal
- Exploit code maturity: X
- Remediation level: O
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:X
- Score:
  - Base: 5.3
  - Temporal: 5.1
- Severity:
  - Base: Medium
  - Temporal: Medium
Code Examples
Compliant code
The application does not contain any method that exposes sensitive information.
const logIn = (req, res) => {
  if (isValidUser(req.body.user) && isValidToken(req.body.user.token)) {
    // Avoid external scripts that contain sensitive information
    res.message("Successful login");
    redirect('users/main');
  }
}
Non-compliant code
The application uses scripts that contain access keys in plain text.
const logIn = (req, res) => {
  if (isValidUser(req.body.user) && isValidToken(req.body.user.token)) {
    // The callScript method stores a secret key in plain text
    res.message(callScript());
    redirect('users/main');
  }
}
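The recommendation above (keep the secret in an environment variable or vault, never in a served script) worked through as an added Node.js example that is not part of this page: the server exchanges the Direct Line secret for a short-lived token and returns only that token to the browser, and a build-time guard fails if the secret value ever appears in the compiled client bundle. The environment variable name DIRECTLINE_SECRET and the function names are assumptions; the token endpoint is the Direct Line v3 "generate token" endpoint.

```javascript
// Added example (not the page's code). Assumes Node.js and an environment
// variable named DIRECTLINE_SECRET (name chosen for this example).
const DIRECTLINE_TOKEN_URL =
  "https://directline.botframework.com/v3/directline/tokens/generate";

// Read the secret from the environment (or a vault client), never from source.
function loadDirectLineSecret(env = process.env) {
  const secret = env.DIRECTLINE_SECRET;
  if (!secret) throw new Error("DIRECTLINE_SECRET is not configured");
  return secret;
}

// Build the server-to-Direct-Line request. The secret travels only in this
// server-side call; it is never written into a response body or a script.
function buildTokenExchangeRequest(secret) {
  return {
    url: DIRECTLINE_TOKEN_URL,
    method: "POST",
    headers: { Authorization: `Bearer ${secret}` },
  };
}

// Reduce the Direct Line response to the fields the browser is allowed to see.
function clientSafeTokenResponse(directLineJson) {
  const { token, expires_in: expiresIn, conversationId } = directLineJson;
  if (typeof token !== "string") {
    throw new Error("unexpected Direct Line token response");
  }
  return { token, expiresIn, conversationId };
}

// Build-time guard: scan the compiled client bundle for the secret value.
// Minification does not hide a string literal, so run this on the output.
function bundleLeaksSecret(bundleSource, secret) {
  return bundleSource.includes(secret);
}

// Handler used by the login page's script: fetchImpl is injectable so the
// exchange can be tested without network access.
async function issueClientToken(fetchImpl, env = process.env) {
  const req = buildTokenExchangeRequest(loadDirectLineSecret(env));
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers });
  if (!res.ok) throw new Error(`Direct Line token exchange failed: ${res.status}`);
  return clientSafeTokenResponse(await res.json());
}
```

The browser script then calls the server route that runs issueClientToken and starts the chat with the returned token, so the secret never reaches the client.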
Requirements