...
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | | HARDCODED.AUTH | Hardcoded Authentication |
 | | HARDCODED.KEY | Hardcoded Crypto Key |
 | | HARDCODED.SALT | Hardcoded Crypto Salt |
 | | MISC.PWD.PLAIN | Plaintext Storage of Password |
Polyspace Bug Finder | | | Checks for: Sensitive heap memory not cleared before release; Uncleared sensitive data in stack; Unsafe standard encryption function; Constant; Predictable block cipher initialization vector; Sensitive data not cleared or released by memory routine; Variable in stack is not cleared and contains sensitive data; Function is not reentrant or uses a risky encryption algorithm; Encryption or decryption key is constant instead of randomized or generated from a weak random number generator; Initialization vector is constant instead of randomized; Encryption or decryption key is generated from a weak random number generator; Initialization vector is generated from a weak random number generator. Rec. partially covered. |

Related Guidelines

CERT Oracle Secure Coding Standard for Java | MSC03-J. Never hard code sensitive information |
SEI CERT C Coding Standard | MSC41-C. Never hard code sensitive information |
MITRE CWE | CWE-259, Use of Hard-coded Password |
 | CWE-261, Weak Cryptography for Passwords |
 | CWE-311, Missing encryption of sensitive data |
 | CWE-319, Cleartext Transmission of Sensitive Information |
 | CWE-321, Use of Hard-coded Cryptographic Key |
 | CWE-326, Inadequate encryption strength |
 | CWE-798, Use of hard-coded credentials |
...