Product

SAST
Catch vulnerabilities as you develop DAST
Test live web applications like an attacker SCA
Secure open-source and supply chain MAST
Secure mobile apps from code to store Compliance
Align with standards while shipping secure code

Resources

Vulnerability database Healthy Package

Pricing Partners About Us Log In

Groovy : Null password

Classification

OWASP Top 10 2013 A2-Broken Authentication and Session Management A6-Sensitive Data Exposure OWASP Top 10 2017 A2-Broken Authentication OWASP Top 10 2021 A4-Insecure Design A7-Identification and Authentication Failures OWASP ASVS Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication Authentication PCI DSS 4.0 6.2.4 8.3.2 HIPAA §164.312 (a)(1) CWE CWE-257 CWE-259 CWE-522 CWE-862 CWE-1028 CWE-1032 CWE/SANS Top 25 2011 CWE-862 CWE/SANS Top 25 2021 CWE-522 CWE-862

Overview

Password with a value of null can result in an application compromise.

Assigning null to password variables can allow attackers to bypass password verification or might indicate that resources are protected by an empty password.

References

Do you want to fix Groovy : Null password in your application?

DerScanner Severity Score

Do you want to fix Groovy : Null password in your application?

See also

Groovy : Call of System.exit()

Groovy : Undocumented feature: network activity

Groovy : Cookie: transmission not over SSL