Groovy : Hard code sensitive information

Classification

OWASP Top 10 2021

A4-Insecure Design

CWE

CWE-257 CWE-522 CWE-798

CWE/SANS Top 25 2011

CWE-798

CWE/SANS Top 25 2021

CWE-522 CWE-798

Overview

Hard coding sensitive information, such as passwords, server IP addresses, and encryption keys can expose the information to attackers. Anyone who has access to the class files can decompile them and discover the sensitive information. Leaking data protected by International Traffic in Arms Regulations (ITAR) or the Health Insurance Portability and Accountability Act (HIPAA) can also have legal consequences. Consequently, programs must not hard code sensitive information.

References

Confluence: Never hard code sensitive information
CWE-798: Use of Hard-coded Credentials

MEDIUM

Groovy : Hard code sensitive information

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Groovy : Hard code sensitive information in your application?

See also

Groovy : Weak hashing algorithm

Groovy : Hardcoded salt

Groovy : Unsafe padding