Prevent Use of Plain Text Passwords in wallets.js #198

Open
BrosG opened this issue May 24, 2023 · 0 comments
BrosG commented May 24, 2023

In the file wallets.js, the password sent in the request body is directly used for encryption and decryption in various functions like addWalletV2, addWalletTron, getWalletTron, and getWalletTronV2. Handling passwords in plain text can pose a security risk.
Suggestion: Instead of directly using the password from the request body, consider hashing the password before using it. This way, even if an attacker gains access to your system, they won't be able to easily decipher the original password.
`const hashedPassword = hashFunction(req.body.pass);`

Verification: Once you've implemented the changes, verify that all instances where the password is used have been updated to use the hashed version. Also, ensure that the encryption and decryption processes are still working correctly by running your tests or manually checking these functionalities.
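
One way to apply the suggestion in this issue, as an added example that is not code from wallets.js or the project: rather than a bare hash, it derives the encryption key from the request password with a salted KDF (scrypt) and encrypts with AES-256-GCM, so a wrong password or a modified blob fails authentication. The function names, the scrypt cost parameters and the dot-separated blob format are assumptions.

```javascript
// Added example, not code from wallets.js. All names here are hypothetical.
const crypto = require("node:crypto");

// scrypt cost parameters (assumed values; tune for the deployment hardware).
const SCRYPT = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit key from the request password and a per-wallet random salt.
// The raw password is never used as key material and never stored.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, SCRYPT);
}

// Encrypt a wallet secret. Salt, IV and GCM tag are stored with the ciphertext.
function encryptSecret(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return [salt, iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64")).join(".");
}

// Decrypt a stored blob. Returns null on a wrong password or a modified blob.
function decryptSecret(password, blob) {
  const parts = blob.split(".").map((s) => Buffer.from(s, "base64"));
  if (parts.length !== 4) return null;
  const [salt, iv, tag, ct] = parts;
  if (salt.length !== 16 || iv.length !== 12 || tag.length !== 16) return null;
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", deriveKey(password, salt), iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
  } catch {
    return null; // authentication failed
  }
}
```

Because the salt is random per call, encrypting the same secret twice with the same password produces different blobs, which is also a useful check when verifying the change.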
