Reputation: 61
On scanning code using Checkmarx for security vulnerabilities, a privacy violation issue was reported pointing to a variable name.
public const string Authentication = "authentication";
I am using this variable to create a region in cache by this name ("authentication") which stores all the authentication-related details.
Is it right to change this variable name into some less meaningful name in order to fix the privacy violation issue? How is this a security threat?
Upvotes: 6
Views: 22596
Reputation: 141
Checkmarx is looking for variables with names like 'password', 'credentials', 'Authentication', etc., and when it sees that you are assigning them a value, it warns you that you might be storing sensitive information in the code (hardcoding it). In the case that you mentioned it looks like a false positive because this is not sensitive information.
Upvotes: 13
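Added example, not part of the answers on this page and not Checkmarx's actual rule: a simplified Python model of the name-based matching described above, showing why the cache-region constant is flagged and how a reviewer can separate a label from a value that needs review. The keyword list, the `scan` function, and the sample C# lines are assumptions constructed for illustration.

```python
import re

# Assumed keyword list; the real Checkmarx query is not shown on this page.
SENSITIVE_NAME = re.compile(
    r"(password|passwd|secret|credential|auth|token|apikey)", re.IGNORECASE
)
# Matches simple C# string assignments: [modifiers] string Name = "value";
ASSIGNMENT = re.compile(r'\bstring\s+(?P<name>\w+)\s*=\s*"(?P<value>[^"]*)"\s*;')


def _norm(text):
    """Lowercase and drop punctuation so 'Authentication' == 'authentication'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def scan(source):
    """Return (line, identifier, verdict) for name-matched string assignments."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        match = ASSIGNMENT.search(line)
        if not match or not SENSITIVE_NAME.search(match["name"]):
            continue  # the name does not look sensitive, so nothing is reported
        name, value = match["name"], match["value"]
        # A value that only repeats the identifier is a label (cache region,
        # config key), not a secret: the usual shape of this false positive.
        verdict = "likely-label" if _norm(value) == _norm(name) else "review"
        findings.append((lineno, name, verdict))
    return findings


# Constructed sample input (C# source lines); the third value is made up.
SAMPLE = """\
public const string Authentication = "authentication";
public const string CacheTimeoutKey = "timeout";
private string dbPassword = "S3cr3t-constructed-value";
"""

if __name__ == "__main__":
    for lineno, name, verdict in scan(SAMPLE):
        print(f"line {lineno}: {name} -> {verdict}")
```

A name-only match cannot tell a label from a secret, which is why the finding on `Authentication` is triaged by looking at the assigned value rather than by renaming the variable.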
Reputation: 134
It's probably a false positive. You should see what the privacy violation rule looks for, and understand how it works...
You can also mark it as false positive and move on... Change status to not exploitable.
Upvotes: 1