Page History

...

Hard coding sensitive information also increases the need to manage and accommodate changes to the code. For example, changing a hard-coded password in a deployed program may require distribution of a patch [Chess 2007].

Noncompliant Code Example (Hard-Coded Database Password)

This noncompliant code example must authenticate to a remote service with a code, using the authenticate() function declared below. It passes the authentication code to this function as a string literal.

...

The authentication code exists in the program's binary executable and can be easily discovered.

Implementation Details (Unix)

Many Unix platforms provide a strings utility that prints out all of the ASCII strings in a binary file. Here is the output of running strings on this program, on an Ubuntu 16.04 platform:

% strings a.out
...
AUATL
[]A\A]A^A_
correct code
Authentication error
Authentication successful
...
%

Compliant Solution

This compliant solution requires the user to supply the authentication code, and securely erases it when done, using the memset_s() function, provided by C11.

...

Alternatively, the program could read the authentication code from a file, letting file system security protect the file and the code from untrusted users.

Risk Assessment

Hard coding sensitive information exposes that information to attackers. The severity of this rule can vary depending on the kind of information that is disclosed. Frequently, the information disclosed is password or key information, which can lead to remote exploitation. Consequently, a high severity rating is given but may be adjusted downwards according to the nature of the sensitive data. 

Automated Detection

Related Guidelines

Bibliography

...