Non-encrypted confidential information - Keys | Fluid Attacks Database

Database

Description

Confidential information is stored in plain text allowing an attacker to view it without any encryption.

Impact

Obtain sensitive information that can compromise system resources.

Recommendation

Encrypt all sensitive information that is transported or stored within the application according to the organizations policies.

Threat

Attacker with access to source code from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

134 - Store passwords with salt 135 - Passwords with random salt 185 - Encrypt sensitive information

Rules

Ruby Hardcoded Session Secret Token Typescript Hardcoded Private Key Scala Hardcoded Key In Secretkeyspec Dart Hardcoded Cryptography Key Scala Hardcoded Keyparameter Use Ruby Hardcoded Key For Token Typescript Hardcoded Hmac Key Javascript Hardcoded Private Key Java Hardcoded Keyparameter Use Javascript Hardcoded Hmac Key Ruby Hardcoded Encryption Key Config Files Plaintext Certificate Storage C Sharp Hardcoded Cryptographic Key Ssh Private Key Pem Private Key

Fixes