CQE-798: Hard-Coded Credentials Usage for Remote Authentication

 
Hard-Coded Credentials Usage for Remote Authentication
Quality Issue ID: 798 Maturity: Preliminary
+ Description

Description Summary

This pattern identifies situations where a literal value is hard-coded in the application via the Write action, transported throughout the application along the sequence composed of ActionElements with DataRelations, some of which being part of named callable and method control elements, and ultimately used in the remote resource management action; the transport sequence is composed of assignment operations as updates to the value would not be considered as hard-coded (literal) any more.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains to
View
ChildOf
Pr
Practice
9063Authentication Practices
Quality Issues Organized by Practices (primary)9002
ChildOf
Ch
Characteristic
9115Security
Default Graph (primary)9001
CanPrecede
Co
Consequence
9017Arbitrary Code Execution
Default Graph (primary)9001
CanPrecede
Co
Consequence
9032Exposed Resources
Default Graph (primary)9001
CanPrecede
Co
Consequence
9035Exposed Functionality
Default Graph (primary)9001
CanPrecede
Co
Consequence
9152Unauthorized Access to Sensitive Information
Default Graph (primary)9001

Related Taxonomy Entries

TaxonomyVersionRelated ID
ASCSM1ASCSM-CWE-798
CWE2.11798
+ References
"Automated Source Code Security Measure (ASCSM)". ASCSM-CWE-798. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>.
Page Last Updated or Reviewed: October 01, 2017