Hard coding sensitive information, such as passwords, server IP addresses, and encryption keys can expose the information to attackers. Anyone who has access to the class files can decompile them and discover the sensitive information. ConsequentlyLeaking data protected by ITAR or HIPAA can also have legal consequences. Consequently, programs must not hard code sensitive information.
...
Hard coding sensitive information exposes that information to attackers. Often, this information is sufficient for an attacker to obtain privilege escalation, and so the severity is high.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC03-J | MediumHigh | Probable | Medium | P8P12 | L2L1 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Coverity | 7.5 | HARDCODED_CREDENTIALS CONFIG FB.DMI_CONSTANT_DB_ PASSWORD FB.DMI_EMPTY_DB_PASSWORD | Implemented |
| Fortify | 1.0 | Password_Management Password_Management__Hardcoded_Password | Partially Implemented |
| PMD | 1.0 | AvoidUsingHardCodedIP | Partially Implemented |
...