CQE-798: Hard-Coded Credentials Usage for Remote Authentication

 
Quality Issue ID: 798
Maturity: Preliminary

Description

Description Summary

This pattern identifies situations where a literal value is hard-coded in the application via a Write action, transported through the application along a sequence of ActionElements linked by DataRelations (some of which are part of named callable and method control elements), and ultimately used in a remote resource management action. The transport sequence is composed only of assignment operations, because once the value is updated it is no longer considered hard-coded (literal).
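The pattern above as a small checker, added here as an example and not taken from the CQE entry or the ASCSM specification: it follows string literals through plain assignments and reports them when they reach the credential argument of a call. Assumptions: the sink is recognised by the keyword names in CREDENTIAL_KWARGS, connect() and the host name are hypothetical, and only straight-line module-level code is followed (no tracking through callables).

```python
import ast

# Assumption: keyword names that mark the credential argument of a remote call.
CREDENTIAL_KWARGS = {"password", "passwd", "secret", "token"}

# Constructed sample input; connect() and the host name are hypothetical.
SAMPLE = """\
import os
DEFAULT_PW = "constructed-secret"
pw = DEFAULT_PW
conn_a = connect(host="db.example.internal", password=pw)
env_pw = os.environ["DB_PASSWORD"]
conn_b = connect(host="db.example.internal", password=env_pw)
mixed = "prefix"
mixed = mixed + os.environ["SUFFIX"]
conn_c = connect(host="db.example.internal", password=mixed)
"""

def find_hardcoded_credentials(source):
    """Return (use_line, kwarg, literal_line) for each literal reaching a sink."""
    origin = {}    # variable name -> line where its literal value was written
    findings = []
    for stmt in ast.parse(source).body:      # straight-line code, in order
        # Sink check first: the call sees the state before this statement's write.
        for node in ast.walk(stmt):
            if not isinstance(node, ast.Call):
                continue
            for kw in node.keywords:
                if kw.arg not in CREDENTIAL_KWARGS:
                    continue
                val = kw.value
                if isinstance(val, ast.Constant) and isinstance(val.value, str):
                    findings.append((node.lineno, kw.arg, val.lineno))
                elif isinstance(val, ast.Name) and val.id in origin:
                    findings.append((node.lineno, kw.arg, origin[val.id]))
        # Transport: only plain assignments keep a value "literal".
        if isinstance(stmt, ast.Assign):
            val = stmt.value
            for target in stmt.targets:
                if not isinstance(target, ast.Name):
                    continue
                if isinstance(val, ast.Constant) and isinstance(val.value, str):
                    origin[target.id] = stmt.lineno
                elif isinstance(val, ast.Name) and val.id in origin:
                    origin[target.id] = origin[val.id]
                else:
                    origin.pop(target.id, None)   # updated value: no longer literal
        elif isinstance(stmt, ast.AugAssign) and isinstance(stmt.target, ast.Name):
            origin.pop(stmt.target.id, None)
    return findings
```

On the sample, only conn_a is reported: env_pw never held a literal, and mixed stopped being one when it was updated on the line before its use.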
Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Practice | 9063 | Authentication Practices | Quality Issues Organized by Practices (primary) 9002 |
| ChildOf | Characteristic | 9115 | Security | Default Graph (primary) 9001 |
| CanPrecede | Consequence | 9017 | Arbitrary Code Execution | Default Graph (primary) 9001 |
| CanPrecede | Consequence | 9032 | Exposed Resources | Default Graph (primary) 9001 |
| CanPrecede | Consequence | 9035 | Exposed Functionality | Default Graph (primary) 9001 |
| CanPrecede | Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary) 9001 |

Related Taxonomy Entries

| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-798 |
| CWE | 2.11 | 798 |

References
"Automated Source Code Security Measure (ASCSM)". ASCSM-CWE-798. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>.
Page Last Updated or Reviewed: October 01, 2017