Description
CWE: 256 Plaintext Storage of Password
BadSource: Read the password from a file
GoodSource: Read the password from a file and decrypt it
Sinks:
GoodSink: Decrypt the password then authenticate the user using LogonUserW()
BadSink : Authenticate the user using LogonUserW()
Flow Variant: 84 Data flow: data passed to class constructor and destructor by declaring the class object on the heap and deleting it after use
Flaws
Test Suites
Documentation
Have any comments on this test case? Please, send us an email.