Description

The source code repository stores cipher keys directly. Allowing an attacker with access to the source code to compromise the keys to impersonate the application or decrypt the communications between server and client.

Impact

Obtain cypher keys to craft new attack vectors.

Recommendation

Store the cipher keys in a secured Keystore.

Threat

Authenticated attacker from Internet with access to the source code.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes