439 – Sensitive information in source code - IP

Description

Storing IP addresses in code can be a security-sensitive issue, as this can result in an attacker discovering a potentially sensitive address or network segment.

Impact

Get sensitive information or private secrets.

Recommendation

- Load sensitive data from safe sources such as, key vault services, configuration files properly encrypted or administrative environment variables.

Threat

Attacker with access to the source-code from the Internet.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 145 - Protect system cryptographic keys
• 156 - Source code without sensitive information
• 266 - Disable insecure functionalities

Last updated

2024/02/21