Description

The repository stores sensitive information such as users, passwords, emails, and API credentials.

Impact

Obtain sensitive information to compromise other resources or services.

Recommendation

- Remove the hardcoded sensitive information and purge git logs.
- Change login credentials that were compromised.
- Load sensitive data from secure sources such as key vault, encrypted configuration files or environment variables.
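
The last recommendation, sketched in Python as an added example (not code from the original page or from the scanner behind the rules below). The names `load_secret`, `MissingSecret`, `SECRET_KEY`, `DB_PASSWORD` and the `<NAME>_FILE` convention for file-mounted secrets are assumptions chosen for illustration.

```python
import os
from pathlib import Path

# Before (the pattern this finding reports), kept as a comment only:
#   SECRET_KEY = "s3cr3t-in-git"   # constructed value
#   DB_PASSWORD = "hunter2"        # constructed value


class MissingSecret(RuntimeError):
    """Raised when a required secret is absent, so startup fails closed."""


def load_secret(name, env=None):
    """Return secret `name` from the environment, or from the file named
    by `<name>_FILE` (assumed convention for file-mounted secrets).

    `env` defaults to os.environ; passing a dict keeps the function testable.
    """
    env = os.environ if env is None else env
    value = env.get(name)
    file_path = env.get(name + "_FILE")
    if value and file_path:
        raise MissingSecret(f"{name} and {name}_FILE are both set; choose one")
    if file_path:
        try:
            value = Path(file_path).read_text(encoding="utf-8").strip()
        except OSError as exc:
            # Name the variable only; never echo secret or file contents.
            raise MissingSecret(f"{name}_FILE is unreadable") from exc
    if not value:
        # No fallback default: a default would be a hardcoded secret again.
        raise MissingSecret(f"{name} is not set")
    return value


def build_config(env=None):
    """Collect the settings an application would otherwise hardcode."""
    return {
        "SECRET_KEY": load_secret("SECRET_KEY", env),
        "DB_PASSWORD": load_secret("DB_PASSWORD", env),
    }


if __name__ == "__main__":
    try:
        build_config()
        print("secrets loaded")  # never print the values themselves
    except MissingSecret as err:
        raise SystemExit(f"refusing to start: {err}")
```
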

Threat

External attacker with access to source code.

Expected Remediation Time

⏱️ 90 minutes.

Rules

- Gradle Credentials Password Hardcoded
- Java Hardcoded Pbe Password
- Ruby Unsafe Hardcoded Password
- Go Hardcoded Redis Password
- Php Hardcoded Db Password
- Javascript Hardcoded Session Secret
- Python Hardcoded Flask Secret Key
- Go Hardcoded Postgresql Password
- Docker Sshpass Plaintext Password
- Java Hardcoded Connection Password
- Javascript Hardcoded Db Password
- Java Hardcoded Password Authentication
- Java Hardcoded Mongodb Credentials
- Dart Hardcoded Password In Connection
- Java Hardcoded Keystore Truststore Password
- Java Hardcoded Basic Auth Password
- Dart Jaguar Hardcoded Jwt Secret
- Java Hardcoded Db Password
- Ruby Hardcoded Password In Connection
- Typescript Hardcoded Jwt Secret
- C Sharp Hardcoded Credentials Password Literal
- C Sharp Hardcoded Credentials In Directory
- Java Hardcoded Kmf Password
- Typescript Hardcoded Db Password
- Go Hardcoded Amqp Password
- Java Hardcoded Mysql Password
- Java Hardcoded Jwt Signing Key
- Php Insufficiently Protected Credentials
- Go Hardcoded Mongodb Password
- Dart Hardcoded Httpclient Credentials
- Java Hardcoded Jndi Credentials
- Go Use Of Hardcoded Password
- Javascript Hardcoded Test Credentials
- Dart Smtp Hardcoded Password
- Javascript Hardcoded Password In Connection
- Dart Jsonwebtoken Hardcoded Jwt Secret
- Python Hardcoded Db Credentials
- Python Hardcoded Password In Connection
- Kotlin Hardcoded Repo Credentials
- Java Hardcoded Redis Credentials In Url
- Scala Hardcoded Password In Connection
- Java Hardcoded Redis Password
- Python Hardcoded Db Credentials In Settings
- Yaml Sshpass Hardcoded Password
- Scala Hardcoded Password In Pbekeyspec
- Docker Hardcoded Chpasswd Credentials
- Javascript Hardcoded Jwt Secret
- Typescript Hardcoded Session Secret
- Php Use Of Hardcoded Password
- Java Hardcoded Jwt Secret
- Java Hardcoded Password In Setpassword
- C Sharp Hardcoded Password In Connection String
- Typescript Hardcoded Test Credentials
- Java Hardcoded Redis Auth Password
- Go Smtp Hardcoded Password
- Swift Hardcoded Password In Urlcredentials
- Ruby Insufficiently Protected Credentials
- Typescript Hardcoded Password In Connection
- C Sharp Hardcoded Password Setpassword
- Json Git Url With Credentials