Sensitive information sent insecurely - TypeScript

Sensitive information sent insecurely - TypeScript

Need

Secure transmission of sensitive information

Context

  • Usage of TypeScript for type-checking and enhanced JavaScript development
  • Usage of Express for building web applications and APIs

Description

Non compliant code

        import express from 'express';

const app = express();

app.get('/login', (req, res) => {
  const username = req.query.username;
  const password = req.query.password;

  // Sending sensitive information insecurely
  res.send(`Welcome, ${username}! Your password is ${password}`);
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
        
        

The vulnerability in this code is that it sends sensitive information (the username and password) insecurely through the response of an HTTP GET request. The username and password are obtained from the query parameters req.query.username and req.query.password, respectively.

By sending this sensitive information in the response, it can be easily intercepted and accessed by attackers. This poses a significant risk as it can lead to unauthorized access to user accounts and potentially compromise sensitive data.

To fix this vulnerability, it is recommended to send sensitive information through a more secure channel. This can be achieved by using session variables or by using the HTTP POST method instead of GET. Additionally, it is important to ensure that the sensitive information is properly encrypted and protected during transmission.

Steps

  • Modify the route handler for '/login' to use the HTTP POST method instead of GET
  • In the route handler, retrieve the username and password from the request body instead of the query parameters
  • Implement a secure method to store and validate user credentials, such as using a secure database or encryption
  • Use a secure channel, such as HTTPS, to transmit sensitive information

Compliant code

        import express from 'express';

const app = express();

app.use(express.json());

app.post('/login', (req, res) => {
  const username = req.body.username;
  const password = req.body.password;

  // Implement secure credential storage and validation logic here

  // Sending response securely
  res.send(`Welcome, ${username}!`);
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
        
        

The fixed code is written in TypeScript using the Express framework. It addresses the vulnerability by ensuring that sensitive information, such as credentials, is sent securely.

First, the code imports the necessary dependencies, including the Express module. It then creates an instance of the Express application.

The app.use(express.json()) middleware is used to parse incoming requests with JSON payloads. This allows the server to extract data from the request body.

The code defines a route handler for the '/login' endpoint using the HTTP POST method. Inside the route handler, it retrieves the username and password from the request body using req.body.username and req.body.password respectively.

To address the vulnerability, the code suggests implementing secure credential storage and validation logic. This could involve using encryption techniques to store and compare passwords securely, such as hashing algorithms with salt.

Finally, the code sends a response securely by using the res.send() method to send a welcome message to the client. This response does not include any sensitive information.

The server is set to listen on port 3000 using the app.listen() method.

By implementing secure credential storage and validation logic, and sending responses securely, the code addresses the vulnerability of sending sensitive information insecurely.

References