SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 107

changes.mady.by.user Arthur Hicken

Saved on

compared with

New Version 108

changes.mady.by.user G. Ann Campbell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ToolVersionCheckerDescription
Coverity7.5

HARDCODED_CREDENTIALS
CONFIG
FB.DMI_CONSTANT_DB_ PASSWORD
FB.DMI_EMPTY_DB_PASSWORD

Implemented
Fortify1.0

Password_Management
Password_Management__Hardcoded_Password

Partially implemented
Parasoft Jtest9.5SECURITY.WSC.HCCS, SECURITY.WSC.HCCK, SECURITY.WSC.AHCAImplemented
PMD1.0AvoidUsingHardCodedIPPartially implemented
SonarQube Plugin
Include Page
SonarQube Plugin_V
SonarQube Plugin_V
S1313Partially implemented

Related Vulnerabilities

GERONIMO-2925 describes a vulnerability in the WAS CE tool, which is based on Apache Geronimo. It uses the Advanced Encryption Standard (AES) to encrypt passwords but uses a hard-coded key that is identical for all the WAS CE server instances. Consequently, anyone who can download the software is provided with the key to every instance of the tool. This vulnerability was resolved by having each new installation of the tool generate its own unique key and use it from that time on.

...