Heap Security Vulnerability

I ran my Java application through the Checkmarx tool to check for security vulnerabilities, and it constantly reports a problem, Heap Inspection, for my password field, for which I use an array of characters. It provides no more explanation than pointing at the password field declaration.

private char[] passwordLength;

Can someone help me here, what else can I find for this?

+5
2 answers

Heap Inspection is about confidential information stored in the computer’s memory unencrypted, so if an attacker performs a memory dump (for example, the Heartbleed bug), this information is compromised. Thus, simply storing this information makes it vulnerable.

, ​​ , , GuardedString String char, , .

. CWE ( C/++, ​​ Java).

+6
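An added example, not part of the original answer, of limiting how long a password field like the one in the question stays readable on the heap. The class name PasswordHolder, the PBKDF2 parameters and the sample password are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical holder: keeps the password in a char[] only as long as needed.
public final class PasswordHolder implements AutoCloseable {
    private final char[] password;   // mutable, so it can be overwritten

    public PasswordHolder(char[] input) {
        this.password = Arrays.copyOf(input, input.length);
        Arrays.fill(input, '\0');    // wipe the caller's copy as well
    }

    // Derive a PBKDF2 hash so only the derived value outlives the password.
    public byte[] deriveHash(byte[] salt) throws GeneralSecurityException {
        // 600_000 iterations and a 256-bit output are example values.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();    // PBEKeySpec holds its own copy; clear it too
        }
    }

    @Override
    public void close() {
        Arrays.fill(password, '\0'); // overwrite before the array becomes garbage
    }

    public static void main(String[] args) throws Exception {
        char[] typed = {'s', '3', 'c', 'r', 'e', 't'};  // constructed sample input
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        byte[] hash;
        try (PasswordHolder holder = new PasswordHolder(typed)) {
            hash = holder.deriveHash(salt);
        }
        // Both the caller's array and the holder's copy are zeroed at this point.
        System.out.println("caller copy wiped: " + (typed[0] == '\0'));
        System.out.println("hash length: " + hash.length);
    }
}
```

Zeroing shortens the time the plaintext sits on the heap; it does not guarantee that no copy remains, since a moving garbage collector may have relocated the array before it was overwritten.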

security.stackexchange.com " char [] ".

TL;DR: .

PS: , (, ). , / .

0

Source: https://habr.com/ru/post/1588928/

