Hard-coded Password in Database Connection String
Description
A potential hard-coded password was identified in a database connection string. Passwords should not be stored directly in code but loaded from secure locations such as a Key Management System (KMS).
Examples
Insecure Code

```scala
java.sql.DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", "myuser", "mypassword");
```

Secure Code

```scala
java.sql.DriverManager.getConnection(System.getProperty("db.url"), System.getProperty("db.user"), System.getProperty("db.password"));
```

Remediation
Load passwords at runtime from a secure location such as a Key Management System (KMS), for example Cloud Key Management, AWS Key Management, or HashiCorp Vault, rather than embedding them in source code.
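A fuller version of the secure pattern, added here as an example (not part of the rule or any project's code): the connection settings are resolved from JVM system properties or environment variables, the call fails closed when any setting is missing, and the password is redacted from `toString` so it cannot leak through logs or exception messages. The property names `db.url`, `db.user` and `db.password` and the `DbConfig` class are assumptions for this example.

```scala
import java.sql.{Connection, DriverManager}

object DbCredentials {
  // Assumed lookup order: JVM system property first, then an environment
  // variable with the same name in upper snake case (db.password -> DB_PASSWORD).
  // A KMS or secret-manager client would slot in here instead of the environment.
  private def setting(name: String): Option[String] =
    Option(System.getProperty(name))
      .orElse(Option(System.getenv(name.toUpperCase.replace('.', '_'))))
      .map(_.trim)
      .filter(_.nonEmpty)

  final case class DbConfig(url: String, user: String, password: String) {
    // Never print the secret: redact it in any string representation.
    override def toString: String = s"DbConfig($url, $user, password=<redacted>)"
  }

  // Fail closed: refuse to build a configuration with any setting missing,
  // and name only the missing keys (never their values) in the error.
  def load(): DbConfig = {
    val required = Seq("db.url", "db.user", "db.password")
    val missing = required.filterNot(k => setting(k).isDefined)
    require(missing.isEmpty, s"missing database settings: ${missing.mkString(", ")}")
    DbConfig(setting("db.url").get, setting("db.user").get, setting("db.password").get)
  }

  // Opens the connection with runtime-supplied credentials; no literal secret in code.
  def connect(): Connection = {
    val cfg = load()
    DriverManager.getConnection(cfg.url, cfg.user, cfg.password)
  }
}
```

JVM `-D` properties are visible to anyone who can list processes on the host, so in production the lookup should be backed by a KMS or secret manager rather than the command line.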
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0057 |
| Category | Secrets |
| Severity | CRITICAL |
| CWE | CWE-259 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | hard-coded password, database connection string |
| OWASP | N/A |