Leakage of sensitive data in local storage

PreviousLeakage of sensitive data in JWT NextLeakage of sensitive data to Airbrake

Last updated 8 months ago

Leakage of sensitive data in local storage

Overview

Rule ID: javascript_lang_session
Applicable Languages: Javascript
Weakness ID: CWE-312

Description

Storing sensitive data in localStorage presents a security risk. This vulnerability arises when sensitive information is kept in the browser's local storage, leaving it exposed to unauthorized access.

Remediation Guidelines

Avoid storing sensitive data in localStorage. This practice exposes sensitive information to potential security vulnerabilities.
```
localStorage.setItem('user', email); // insecure
```
Use server-based session storage solutions to keep session data secure. This method reduces the risk of sensitive data exposure.
Store only non-sensitive data in localStorage, such as a unique identifier, to mitigate security risks.
```
localStorage.setItem('user', user.uuid);
```

References

Configuration

PreviousLeakage of sensitive data in JWT NextLeakage of sensitive data to Airbrake

Last updated 8 months ago