| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | HARDCODED.AUTH | Hardcoded Authentication |
| | | HARDCODED.KEY | Hardcoded Crypto Key |
| | | HARDCODED.SALT | Hardcoded Crypto Salt |
| | | MISC.CRYPTO.NOPAD | Encryption without Padding |
| | | MISC.PWD.PLAIN | Plaintext Storage of Password |
| Polyspace Bug Finder | R2016a | Sensitive heap memory not cleared before release | Sensitive data not cleared or released by memory routine |
| | | Uncleared sensitive data in stack | Variable in stack is not cleared and contains sensitive data |
| | | Unsafe standard encryption function | Function is not reentrant or uses a risky encryption algorithm |
| | | Constant cipher key | Encryption or decryption key is constant instead of randomized |
| | | Constant block cipher initialization vector | Initialization vector is constant instead of randomized |
| | | Predictable cipher key | Encryption or decryption key is generated from a weak random number generator |
| | | Predictable block cipher initialization vector | Initialization vector is generated from a weak random number generator |

Related Guidelines

CERT Oracle Secure Coding Standard for Java | MSC03-J. Never hard code sensitive information
MSC41-C. Never hard code sensitive information
MITRE CWE | CWE-259, Use of Hard-coded Password
CWE-261, Weak Cryptography for Passwords
CWE-311, Missing encryption of sensitive data
CWE-319, Cleartext Transmission of Sensitive Information
CWE-321, Use of Hard-coded Cryptographic Key
CWE-326, Inadequate encryption strength
CWE-798, Use of hard-coded credentials