Leakage of sensitive data in local storage

Overview

Rule ID: javascript_lang_session
Applicable Languages: Javascript
Weakness ID: CWE-312

Description

Storing sensitive data in localStorage presents a security risk. This vulnerability arises when sensitive information is kept in the browser's local storage, leaving it exposed to unauthorized access.

Remediation Guidelines

Avoid storing sensitive data in localStorage. This practice exposes sensitive information to potential security vulnerabilities.
```
localStorage.setItem('user', email); // insecure
```
Use server-based session storage solutions to keep session data secure. This method reduces the risk of sensitive data exposure.
Store only non-sensitive data in localStorage, such as a unique identifier, to mitigate security risks.
```
localStorage.setItem('user', user.uuid);
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousLeakage of sensitive data in JWT NextLeakage of sensitive data to Airbrake

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration