CWE-798 - Use of Hard-coded Credentials
CWE-798 High
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Use of Hard-coded Credentials
- Description
The product contains hard-coded credentials, such as a password or cryptographic key.
There are two main variations:
- Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
Notes: If hard-coded passwords are used, it is almost certain that malicious users will gain access to the account in question. Any user of the product that hard-codes passwords may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extraction of a password from a binary is usually very simple.
Scope: Integrity, Confidentiality, Availability, Access Control, Other
Impact: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Other
Notes: This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of this password can access the product. Finally, since all installations of the product will have the same password, even across different organizations, this enables massive attacks such as worms to take place.
- Related Weaknesses
- Release Date:
- 2010-02-16
- Latest Modification Date:
- 2024-07-16
Free security scan for your website