Hard coding sensitive information, such as passwords, server IP addresses, and encryption keys, can expose the information to attackers. Anyone who has access to the class files can decompile them and discover the sensitive information. Consequently, programs must not hard code sensitive information.
...
A malicious user can use the javap -c Password command to disassemble the class and discover the hard-coded password. The output of the disassembler, as shown below, reveals the password guest in clear text.
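The compliant alternative, as an added example that is not part of the original page: the password is kept in a file outside the class path, read into a char[] rather than a String, and zeroed as soon as it has been used, so no literal ever reaches the constant pool that javap prints. The class name PasswordFromConfig, the file path /etc/myapp/db.password and the MAX_LEN bound are assumptions; the permission check rejects a credential file that group or others can read.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Arrays;
import java.util.Set;

/**
 * Added example (not from the original page).
 *
 * Noncompliant pattern, the one javap -c exposes:
 *
 *     static final String PASSWORD = "guest";   // literal lands in the class constant pool
 *
 * Compliant pattern: the password lives in a file outside the class path that
 * only the service account can read; it is read into a char[] and scrubbed once used.
 */
public class PasswordFromConfig {

    // Assumed upper bound on the credential length; longer files are rejected.
    private static final int MAX_LEN = 256;

    /** Refuses a credential file that group or others can read (POSIX file systems). */
    static void requireOwnerOnly(Path file) throws IOException {
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
            if (perms.contains(PosixFilePermission.GROUP_READ)
                    || perms.contains(PosixFilePermission.OTHERS_READ)) {
                throw new IOException(file + " is readable by group or others");
            }
        } catch (UnsupportedOperationException e) {
            // Non-POSIX file system (e.g. NTFS): the OS ACL has to enforce this instead.
        }
    }

    /**
     * Reads the first line of the file into a char[] without ever creating a
     * String, so the only copy of the secret is one the caller can zero.
     */
    static char[] readPassword(Path file) throws IOException {
        requireOwnerOnly(file);
        char[] buf = new char[MAX_LEN + 1];
        int len = 0;
        try (Reader in = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            int n;
            while (len < buf.length && (n = in.read(buf, len, buf.length - len)) != -1) {
                len += n;
            }
        }
        // Keep only the first line (the credential) and drop the line terminator.
        int end = 0;
        while (end < len && buf[end] != '\n' && buf[end] != '\r') {
            end++;
        }
        if (end == 0 || end > MAX_LEN) {
            Arrays.fill(buf, '\0');
            throw new IOException("credential file is empty or too long: " + file);
        }
        char[] password = Arrays.copyOf(buf, end);
        Arrays.fill(buf, '\0');   // scrub the oversized read buffer
        return password;
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical location; any path outside the deployed class path will do.
        Path credFile = Paths.get(args.length > 0 ? args[0] : "/etc/myapp/db.password");
        char[] password = readPassword(credFile);
        try {
            // Hand the char[] to the consumer here (a driver or callback that accepts
            // char[]); never convert it to a String and never log it.
            System.out.println("loaded a " + password.length + "-character credential");
        } finally {
            Arrays.fill(password, '\0');   // scrub as soon as it is no longer needed
        }
    }
}
```

Run it as `java PasswordFromConfig /path/to/credential-file` after creating that file with mode 0600. The char[] matters because a String copy of the secret cannot be cleared and stays in the heap until garbage collection; where a consuming API only accepts a String, the copy it creates is outside this code's control, so prefer overloads that take a char[].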
...
| MSC18-C | Be careful while handling sensitive data, such as passwords, in program code |
| ISO/IEC TR 24772:2010 (http://www.aitcnet.org/isai/) | "Hard-coded Password [XYP]" |
| CWE ID 259 | "Use of Hard-coded Password" |
| CWE ID 798 | "Use of Hard-coded Credentials" |
...