Use of Hard-coded Credentials
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
A hardcoded password is used for HTTP basic authentication in a controller, meaning the credential is directly written in the source code. This makes it easy for anyone with code access—including those outside your team—to see and misuse the password.
Impact#
If the code is shared or pushed to version control, attackers could find and use the hardcoded password to gain unauthorized access to protected parts of your application, leading to data breaches or further compromise of the system.