Hard-coded Database Password
Description
The application connects to a database server using a password that is hard-coded in the source. This is a security risk: anyone who can read the source code or the built artifact obtains the credential and can gain unauthorized access to the database. It is recommended to configure the database server to require authentication and to restrict what the application's database user is allowed to query. Passwords should be loaded from a secure location such as a Key Management System (KMS), which enables auditing and easy rotation in case of a breach.
Examples
Insecure Code

```scala
java.sql.DriverManager.getConnection($URI, $USR, "");
```

Secure Code

```scala
java.sql.DriverManager.getConnection($URI, $USR, System.getenv("DB_PASSWORD"));
```

Remediation
Load the database password from a secure location such as a Key Management System (KMS) or an environment variable, and configure the database server to require authentication.
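The following is an added example of the remediation in Scala; it is not code from the rule page. It assumes the secret is provided either as a file mounted by a secrets manager (`DB_PASSWORD_FILE`) or as the `DB_PASSWORD` environment variable, and that a missing secret should fail the startup rather than fall back to a literal.

```scala
import java.nio.file.{Files, Paths}
import java.sql.{Connection, DriverManager}
import java.util.Properties

// Added example, not part of the original rule text. The variable names
// DB_PASSWORD_FILE and DB_PASSWORD are assumptions for this illustration.
object DbCredentials {

  // Resolve the password at runtime. Precedence: secret file (typical for a
  // KMS / secrets-manager mount), then environment variable. Never fall back
  // to a literal: a missing secret must fail loudly instead of silently
  // connecting with an empty or default password.
  def loadPassword(env: Map[String, String] = sys.env): String = {
    val fromFile = env.get("DB_PASSWORD_FILE").map { path =>
      new String(Files.readAllBytes(Paths.get(path)), "UTF-8").trim
    }
    val fromEnv = env.get("DB_PASSWORD").map(_.trim)
    fromFile.orElse(fromEnv).filter(_.nonEmpty).getOrElse(
      throw new IllegalStateException(
        "database password not configured: set DB_PASSWORD_FILE or DB_PASSWORD"))
  }

  // Pass the credential through Properties rather than embedding it in the
  // JDBC URL, so a logged URI never carries the password.
  def connect(uri: String, user: String): Connection = {
    val props = new Properties()
    props.setProperty("user", user)
    props.setProperty("password", loadPassword())
    DriverManager.getConnection(uri, props)
  }

  def main(args: Array[String]): Unit = {
    // Example values are placeholders; the real URI and user come from config.
    val conn = connect("jdbc:postgresql://db.example.internal:5432/app", "app_user")
    try println(s"connected, autocommit=${conn.getAutoCommit}")
    finally conn.close()
  }
}
```

The `loadPassword` helper takes the environment as a parameter so it can be unit-tested with a constructed map without touching the real process environment.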
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0058 |
| Category | Secrets |
| Severity | CRITICAL |
| CWE | CWE-259 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | HIGH |
| Exploitability | EASY |
| Tags | database, password, authentication |
| OWASP | N/A |