Yaml Hardcoded Weak Credentials
Description
This vulnerability detector identifies hardcoded weak credentials in YAML configuration files, specifically targeting Helm charts and Docker Compose files. It searches for configuration entries that contain easily guessable, default, or commonly used passwords, usernames, or authentication tokens that pose a significant security risk if deployed to production environments.
Detection Strategy
• Scans YAML files that are identified as Helm charts or Docker Compose configurations
• Searches for credential-related configuration keys such as passwords, usernames, tokens, API keys, or authentication parameters
• Flags credentials that match patterns of weak or default values like 'password', 'admin', '123456', 'root', empty strings, or other commonly used weak credentials
• Reports vulnerabilities when weak credential values are found hardcoded in the YAML configuration rather than being externalized through environment variables or secure secret management
Vulnerable code example
postgresql:
auth:
username: testuser
password: testpass # Hardcoded password in config file
postgresPassword: testpass # Hardcoded postgres password
database: testdb
secretKeys:
adminPasswordKey: password...✅ Secure code example
postgresql:
auth:
username: testuser
existingSecret: my-postgres-secret # Use external secret instead of hardcoded password
secretKeys:
adminPasswordKey: postgres-password
userPasswordKey: custom-user-password
database: testdb...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.