
359 Sensitive information in source code - Credentials


Description

The repository stores sensitive information such as usernames, passwords, email addresses and API credentials, among others.


Impact

Obtain sensitive information to compromise other resources or services.


Recommendation

- Remove the hardcoded sensitive information and purge git logs.
- Change login credentials that were compromised.
- Load sensitive data from secure sources such as key vault, encrypted configuration files or environment variables.
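The following check is an added example, not part of the original entry: it flags credential-like names assigned a quoted literal and shows that the same settings loaded from environment variables pass. The regular expression, the function name `find_hardcoded_credentials` and both sample files are assumptions constructed for illustration.

```python
import re

# Assumed heuristic: a credential-like name assigned a quoted literal.
HARDCODED = re.compile(
    r"""(?ix)
    \b(?P<name>[a-z0-9_]*(?:password|passwd|secret|api_?key|token)[a-z0-9_]*)
    \s*[:=]\s*
    (?P<quote>["'])(?P<value>[^"']{4,})(?P=quote)
    """
)

# Constructed sample: the pattern this finding describes.
BEFORE = '''\
DB_USER = "app"
DB_PASSWORD = "constructed-example-only"
PAYMENTS_API_KEY = 'constructed-key-0000'
'''

# Constructed sample: the same settings loaded from the environment.
AFTER = '''\
import os
DB_USER = os.environ["DB_USER"]
DB_PASSWORD = os.environ["DB_PASSWORD"]
PAYMENTS_API_KEY = os.environ["PAYMENTS_API_KEY"]
'''

def find_hardcoded_credentials(source):
    """Return (line_number, variable_name) for each suspected literal secret."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment-only lines
        match = HARDCODED.search(line)
        if match:
            findings.append((number, match.group("name")))
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, find_hardcoded_credentials(text))
```

A clean result on the current tree does not cover earlier commits, so any value that was ever committed still needs to be changed and purged from history as listed above.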


Threat

External attacker with access to source code.


Expected Remediation Time

90 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: N
  • Attack complexity: L
  • Attack Requirements: N
  • Privileges required: L
  • User interaction: N
  • Confidentiality (VC): N
  • Integrity (VI): N
  • Availability (VA): N
  • Confidentiality (SC): L
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: P

Requirements


Fixes


Last updated

2024/02/20