...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| HARDCODED.AUTH HARDCODED.KEY HARDCODED.SALT MISC.CRYPTO.NOPAD MISC.PWD.PLAIN | Hardcoded Authentication Hardcoded Crypto Key Hardcoded Crypto Salt Encryption without Padding Plaintext Storage of Password |
Related Guidelines
| CERT Oracle Secure Coding Standard for Java | MSC03-J. Never hard code sensitive information |
| MITRE CWE | CWE-311, Missing encryption of sensitive data CWE-326, Inadequate encryption strength CWE-798, Use of hard-coded credentials |
...