...
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | | HARDCODED.AUTH | Hardcoded Authentication |
CodeSonar | | HARDCODED.KEY | Hardcoded Crypto Key |
CodeSonar | | HARDCODED.SALT | Hardcoded Crypto Salt |
CodeSonar | | MISC.CRYPTO.NOPAD | Encryption without Padding |
CodeSonar | | MISC.PWD.PLAIN | Plaintext Storage of Password |
Polyspace Bug Finder | R2016a | Sensitive heap memory not cleared before release | Sensitive data not cleared or released by memory routine; Variable in stack is not cleared and contains sensitive data; Function is not reentrant or uses a risky encryption algorithm |

Related Guidelines

CERT Oracle Secure Coding Standard for Java | MSC03-J. Never hard code sensitive information |
MITRE CWE | CWE-259, Use of Hard-coded Password |
MITRE CWE | CWE-261, Weak Cryptography for Passwords |
MITRE CWE | CWE-311, Missing encryption of sensitive data |
MITRE CWE | CWE-319, Cleartext Transmission of Sensitive Information |
MITRE CWE | CWE-321, Use of Hard-coded Cryptographic Key |
MITRE CWE | CWE-326, Inadequate encryption strength |
MITRE CWE | CWE-798, Use of hard-coded credentials |
...