Apex : Hardcoded password
Classification
OWASP Top 10 2017
OWASP Top 10 2021
OWASP ASVS
HIPAA
Overview
A hardcoded password can lead to application data being compromised.
Eliminating the security risks associated with a password specified in source code is extremely difficult. Such a password is accessible, at the very least, to every developer of the application. Moreover, once the application is installed, the password can be removed from its code only by updating the application. If the password becomes known to an attacker, system administrators will be forced either to neglect security or to restrict access to the application.
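The pattern described above, next to one way to avoid it, as an added example that is not part of the original entry or of DerScanner's own material. The class name, the account values, the `billing.example.com` endpoint and the Named Credential `Billing_API` are hypothetical; the hardened method assumes an administrator has defined that Named Credential in Setup with the endpoint URL and the account's credentials.

```apex
public with sharing class BillingClient {

    // VULNERABLE: the password is a string literal in the class body.
    // Every developer with access to the source, the repository history or
    // the deployed package can read it, and rotating it requires deploying
    // a new version of the code.
    public static HttpResponse fetchInvoicesHardcoded() {
        String username = 'svc_billing';   // constructed sample value
        String password = 'Winter2024!';   // constructed sample value

        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://billing.example.com/invoices');
        req.setMethod('GET');

        // Basic authentication header built from the embedded literal.
        Blob basic = Blob.valueOf(username + ':' + password);
        req.setHeader('Authorization',
                      'Basic ' + EncodingUtil.base64Encode(basic));
        return new Http().send(req);
    }

    // HARDENED: no credential appears in the code. The 'callout:' prefix
    // refers to the Named Credential (hypothetical name Billing_API), and
    // the platform resolves the endpoint and applies the authentication
    // configured there when the request is sent. The password lives in org
    // configuration, so an administrator can rotate it without a code
    // update and developers never see it in source control.
    public static HttpResponse fetchInvoices() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Billing_API/invoices');
        req.setMethod('GET');
        return new Http().send(req);
    }
}
```

If a literal like the one in the first method has ever been committed, treat that password as exposed and rotate it; removing it from the current source does not remove it from history or from installed versions.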
References
- Use of hard-coded password
- CWE-259: Use of Hard-coded Password
- OWASP Top 10 2013-A5-Security Misconfiguration
- OWASP Top 10 2013-A6-Sensitive Data Exposure
- Handling passwords used for auth in source code - stackoverflow.com
- How to securely hash passwords? - security.stackexchange.com
- OWASP Top 10 2017-A2-Broken Authentication
- OWASP Top 10 2017-A3-Sensitive Data Exposure
- CWE-798: Use of Hard-coded Credentials
- CWE CATEGORY: OWASP Top Ten 2017 Category A2 - Broken Authentication
- CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
MEDIUM
DerScanner Severity Score
