Home / Vulnerability Database / Go : Null password
Go
Go : Null password
Classification
OWASP Top 10 2017
OWASP Top 10 2021
OWASP ASVS
HIPAA
CWE/SANS Top 25 2021
Overview
Password with a value of nil can result in an application compromise.
Assigning nil to password variables can allow attackers to bypass password verification or might indicate that resources are protected by an empty password.
References
- CWE-259: Use of Hard-coded Password
- OWASP Top 10 2013-A5-Security Misconfiguration
- OWASP Top 10 2013-A6-Sensitive Data Exposure
- OWASP Top 10 2017 A2-Broken Authentication
- CWE CATEGORY: OWASP Top Ten 2017 Category A2 - Broken Authentication
- CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
LOW
DerScanner Severity Score
Do you want to fix Go : Null password in your application?
See also
Go
Go : Undocumented feature: special account
Go
Go : Nil salt
Go
