...
Do not hard code sensitive data in programs.
Hard coding sensitive data is very bad programming practice because it makes the security of the program depend on the security of the development environment: anyone with access to the source, the build system, or the shipped binary can recover the data. See MSC41-C. Never hard code sensitive information for details.
Disable memory dumps.
Memory dumps (core files) are created automatically by the operating system when a program crashes. They can contain the contents of any part of program memory, including passwords and keys that were in use at the time of the crash. Therefore, memory dumps should be disabled before an application is shipped to users. See MEM06-C. Ensure that sensitive data is not written out to disk for details.
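The following is an added example, not code from the CERT page, showing how a program can turn off core dumps for itself before it reads any secret. The function names disable_core_dumps() and core_dumps_disabled() are this example's own. It uses the POSIX setrlimit() call with RLIMIT_CORE and, on Linux only, prctl(PR_SET_DUMPABLE, 0):

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/*
 * Prevent the kernel from writing a core file if this process crashes,
 * so whatever is in memory (passwords, keys) never lands on disk.
 * Setting both the soft and hard RLIMIT_CORE to 0 is POSIX; because the
 * hard limit is also 0, an unprivileged process cannot raise it again.
 * On Linux, PR_SET_DUMPABLE = 0 additionally marks the process
 * non-dumpable, which also blocks ptrace attach by other unprivileged
 * processes. Returns 0 on success, -1 if either call failed.
 */
int disable_core_dumps(void) {
    struct rlimit no_core;
    no_core.rlim_cur = 0;
    no_core.rlim_max = 0;
    if (setrlimit(RLIMIT_CORE, &no_core) != 0) {
        return -1;
    }
#ifdef __linux__
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) {
        return -1;
    }
#endif
    return 0;
}

/* Returns 1 if both the soft and hard core-size limits are zero. */
int core_dumps_disabled(void) {
    struct rlimit cur;
    if (getrlimit(RLIMIT_CORE, &cur) != 0) {
        return 0;
    }
    return cur.rlim_cur == 0 && cur.rlim_max == 0;
}

int main(void) {
    /* Call this before any secret is read into memory. */
    if (disable_core_dumps() != 0) {
        perror("disable_core_dumps");
        return 1;
    }
    printf("core dumps disabled: %s\n",
           core_dumps_disabled() ? "yes" : "no");
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, the limit only covers the crashing process itself; a debugger run with sufficient privilege can still read its memory. Second, on Linux a core_pattern that pipes dumps to a handler (for example systemd-coredump) hands the process image to that handler regardless of RLIMIT_CORE and leaves it to the handler to honor the limit, whereas the dumpable flag set by prctl() is checked by the kernel before anything is written, so the prctl() call is the stronger of the two controls.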
...
The following code reads a password, derives a checksum from it, and erases the plaintext password as soon as it is no longer needed, so that only the checksum is retained for comparison:

```c
#include <string.h>

/* read_password(), compute_checksum(), erase(), and get_stored_checksum()
   are application-supplied helpers and are not shown here. */
int validate(char *username) {
  char *password;
  char *checksum;

  password = read_password();
  checksum = compute_checksum(password);
  erase(password); /* Securely erase password */
  return !strcmp(checksum, get_stored_checksum(username));
}
```
...
- If encrypting or hashing sensitive data, do not implement your own encryption functions or library. Use established cryptographic libraries that have been extensively tested and reviewed for security.
- If using standard crypto libraries, be aware that they have requirements (documented with the library) for key sizes and other key properties. Choose keys that satisfy these requirements.
- Do not store encryption keys; instead, derive the key from a hash of the user's password or by some other cryptographic mechanism, provided the derived key still satisfies the library's requirements above. If a key must be stored, store it securely.
...
- Be aware of compiler optimization when erasing memory. A memset() of a buffer that is never read again is a dead store that the optimizer is free to remove. (See MSC06-C. Beware of compiler optimizations.)
- Use secure erase methods specified in U.S. Department of Defense Standard 5220 [DOD 5220] or Peter Gutmann's paper [Gutmann 1996].
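The following is an added example, not code from the CERT page, showing an erase routine the optimizer cannot drop and the erase-before-return pattern of the validate() function above applied to a caller-visible buffer. The names secure_erase(), is_zeroed(), toy_checksum(), check_password() and run_checks() are this example's own; toy_checksum() is a deliberately trivial stand-in for a real hash, and the password "hunter2" is a constructed sample:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Erase a buffer of sensitive data in a way the optimizer cannot drop.
 * A plain memset() right before the buffer goes out of scope is a dead
 * store as far as the compiler can tell and may be removed; writing
 * through a volatile pointer obliges it to emit every store. Where
 * available, C11 Annex K memset_s() or explicit_bzero() serve the same
 * purpose; this version is portable C.
 */
void secure_erase(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. */
int is_zeroed(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != 0) {
            return 0;
        }
    }
    return 1;
}

/*
 * Stand-in for the page's compute_checksum(): sums the bytes mod 256.
 * It is deliberately trivial and NOT a real hash; the point of this
 * example is the erase pattern, not the checksum.
 */
unsigned char toy_checksum(const unsigned char *data, size_t len) {
    unsigned int sum = 0;
    for (size_t i = 0; i < len; i++) {
        sum += data[i];
    }
    return (unsigned char)(sum & 0xFFu);
}

/*
 * Same shape as validate() on the page: the password is copied into a
 * caller-supplied working buffer, the value that will actually be
 * compared is derived from it, and the plaintext is wiped before the
 * function returns on either path. The caller can inspect 'work' after
 * return to confirm the wipe.
 */
int check_password(unsigned char *work, size_t work_len,
                   const char *password, unsigned char expected) {
    size_t n = strlen(password);
    if (n > work_len) {
        secure_erase(work, work_len);
        return 0;   /* reject rather than truncate */
    }
    memcpy(work, password, n);
    unsigned char sum = toy_checksum(work, n);
    secure_erase(work, work_len);   /* wipe the whole buffer, not just n bytes */
    return sum == expected;
}

/* Exercises the pattern end to end; returns 1 when every check passes. */
int run_checks(void) {
    unsigned char work[64];
    /* constructed sample password; 'expected' plays the stored checksum */
    const char *pw = "hunter2";
    unsigned char expected = toy_checksum((const unsigned char *)pw, strlen(pw));

    memset(work, 0xAA, sizeof work);
    secure_erase(work, sizeof work);
    if (!is_zeroed(work, sizeof work)) return 0;

    memset(work, 0xAA, sizeof work);
    if (check_password(work, sizeof work, pw, expected) != 1) return 0;
    if (!is_zeroed(work, sizeof work)) return 0;    /* gone after success */

    memset(work, 0xAA, sizeof work);
    if (check_password(work, sizeof work, "wrong", expected) != 0) return 0;
    if (!is_zeroed(work, sizeof work)) return 0;    /* and after failure */

    return 1;
}

int main(void) {
    int ok = run_checks();
    printf("%s\n", ok ? "all checks passed" : "FAILED");
    return ok ? 0 : 1;
}
```

The volatile-pointer loop is the portable form of the advice in MSC06-C: the compiler must assume each store through a volatile pointer has an observable side effect, so it cannot treat the erase as dead. Note that this protects the buffer you pass in, not copies the compiler or the called functions may have made in registers, on the stack, or in other buffers.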
...
If sensitive data is not handled correctly in a program, an attacker can gain access to it.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MSC18-C | Medium | Probable | Medium | P8 | L2
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Automated Detection
Tool | Version | Checker | Description
---|---|---|---
CodeSonar | | HARDCODED.AUTH, HARDCODED.KEY, HARDCODED.SALT, MISC.PWD.PLAIN, MISC.PWD.PLAINTRAN | Hardcoded Authentication, Hardcoded Crypto Key, Hardcoded Crypto Salt, Plaintext Storage of Password, Plaintext Transmission of Password
PC-lint Plus | | 586 | Partially supported: reports functions that read passwords from the user or that take a password as an argument instead of prompting the user, as well as insecure password erasure
Polyspace Bug Finder | | Checks for: ... | Rec. partially covered.
Related Guidelines
...
...
MSC03-J. Never hard code sensitive information | |
CERT C Secure Coding Standard | MSC41-C. Never hard code sensitive information |
MITRE CWE | CWE-259, Use of Hard-coded Password; CWE-261, Weak Cryptography for Passwords; CWE-311, Missing Encryption of Sensitive Data; CWE-319, Cleartext Transmission of Sensitive Information; CWE-321, Use of Hard-coded Cryptographic Key; CWE-326, Inadequate Encryption Strength; ...; CWE-798, Use of Hard-coded Credentials |
Bibliography
...