DerScanner
Home / Vulnerability Database / Groovy : Undocumented feature: hidden functionality
Groovy

Groovy : Undocumented feature: hidden functionality

Classification

OWASP ASVS
Malicious Code
PCI DSS 4.0
2.2.4
CWE
CWE-506CWE-912

Overview

  • Find out why the encryption is used in the code. If it doesn’t influence the application functionality, remove it.

References

  1. The Art of the Backdoor
  2. CWE-912: Hidden Functionality
  3. CWE-506: Embedded Malicious Code
LOW

DerScanner Severity Score

Do you want to fix Groovy : Undocumented feature: hidden functionality in your application?

See also

Groovy

Groovy : Weak hashing algorithm

Groovy

Groovy : Hardcoded salt

Groovy

Groovy : Unsafe padding