Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The function sets a hardcoded password as a default argument, which means anyone calling the function without specifying a password will use this insecure default. This exposes sensitive credentials directly in the source code.
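The pattern described above, with a check that detects it, as an added example that is not part of the original rule documentation. It assumes Python, since the page does not name a language; the function names, the `DB_PASSWORD` environment variable and the list of sensitive name fragments are hypothetical.

```python
import ast

# Constructed sample source; function names and DB_PASSWORD are assumptions.
SAMPLE = '''
import os

def connect_insecure(user, password="S3cr3t-placeholder"):
    return (user, password)

def connect(user, password=None):
    password = password or os.environ["DB_PASSWORD"]
    return (user, password)

def fetch(url, *, api_token="constructed-token", timeout=30):
    return url
'''

# Parameter-name fragments treated as credentials (an assumption of this example).
SENSITIVE = ("pass", "pwd", "secret", "token", "apikey", "api_key")


def is_sensitive(name):
    lowered = name.lower()
    return any(fragment in lowered for fragment in SENSITIVE)


def find_hardcoded_defaults(source):
    """Return (function, parameter, line) for each credential-like parameter
    whose default value is a non-empty string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        args = node.args
        positional = args.posonlyargs + args.args
        # Defaults align with the *last* len(defaults) positional parameters.
        pairs = list(zip(positional[len(positional) - len(args.defaults):], args.defaults))
        # kw_defaults is parallel to kwonlyargs, with None where no default exists.
        pairs += [(a, d) for a, d in zip(args.kwonlyargs, args.kw_defaults) if d is not None]
        for arg, default in pairs:
            if (is_sensitive(arg.arg) and isinstance(default, ast.Constant)
                    and isinstance(default.value, str) and default.value):
                findings.append((node.name, arg.arg, default.lineno))
    return findings


if __name__ == "__main__":
    for func, param, line in find_hardcoded_defaults(SAMPLE):
        print(f"line {line}: {func}() has a hard-coded default for '{param}'")
```

`connect()` is not reported because its default is `None` and the secret is read from the environment at call time.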
Impact
Attackers who access the codebase or decompile the application can easily retrieve the hardcoded password, potentially gaining unauthorized access to systems or data. This weakens authentication controls and could lead to data breaches or compromise of user accounts.