Checkmarx reported a Heap Inspection vulnerability regarding having a string for a Password property. This property is part of a model, which gets bound when submitting a login form. Is there a way in ASP.NET MVC to use anything other than a regular string to bind the password from the form?
So far I have tried changing the property type to char[] or SecureString, but in that case the form doesn't bind the data to it.
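
    using System.ComponentModel.DataAnnotations;

    // View model bound from the login form.
    public class LoginModel
    {
        [Required]
        [Display(Name = "User name")]
        public string UserName { get; set; }

        // Bound as a plain string: this is the property Checkmarx flags.
        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "Password")]
        public string Password { get; set; }

        [Display(Name = "Remember me?")]
        public bool RememberMe { get; set; }
    }
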
Rename the password field to something else... like "alienSecurity" and that's it, CheckMarx will not be able to catch it :)
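
For the binding problem described in the question (a SecureString property is left unbound by the default binder), one option is a custom model binder registered for the SecureString type. This is an added example, not code from the original posts; it assumes ASP.NET MVC 5 (System.Web.Mvc) and a model whose Password property is declared as SecureString, and the names SecureStringModelBinder and BinderConfig are hypothetical.

```csharp
using System.Security;
using System.Web.Mvc;

// Hypothetical binder: converts the posted form value into a SecureString
// so the model itself does not keep the password as a managed string.
public class SecureStringModelBinder : IModelBinder
{
    public object BindModel(ControllerContext controllerContext,
                            ModelBindingContext bindingContext)
    {
        // ModelName is the full key of the property being bound, e.g. "Password".
        ValueProviderResult result =
            bindingContext.ValueProvider.GetValue(bindingContext.ModelName);

        if (result == null || string.IsNullOrEmpty(result.AttemptedValue))
        {
            return null; // nothing was posted for this field
        }

        // Caveat: AttemptedValue is itself a System.String created by the
        // request pipeline. The binder narrows how long the application's own
        // objects hold the secret; it does not remove that original copy.
        var secure = new SecureString();
        foreach (char c in result.AttemptedValue)
        {
            secure.AppendChar(c);
        }
        secure.MakeReadOnly();
        return secure;
    }
}

public static class BinderConfig
{
    // Assumed to be called once from Application_Start in Global.asax.cs.
    public static void Register()
    {
        ModelBinders.Binders.Add(typeof(SecureString), new SecureStringModelBinder());
    }
}
```

The bound SecureString should be disposed once the credential check has finished, since it holds unmanaged memory until then.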