Collaborate Disseminate
I have a class in the code that does some sort of encryption, and to do so there is a hardcoded key in the code. After reviewing the code by a security expert, he raised this as an issue, highliting that keys should not be hardcoded in the… Continue reading what is the alternative of hardcoded secret [duplicate]
I have a scenario where the developers are using SafetyNet API to protect their Android apps. I observed that the SafetyNet API key has been hard-coded within the apk file. This is the first time I came across this behaviour.
Is this expos… Continue reading Is having hard-coded API keys such as the SafetyNet API key considered a vulnerability?
When I looked up hardcoded password vulnerability in software world, I saw there are three kinds of vulnerabilities. These are that:
CWE-798: Use of Hard-coded Credentials
The Hardcoded Creds vulnerability definition:
"The software c… Continue reading Why are there multiple "Hardcoded Password" Entries in CWE instead of single one?
When I investigated the Google results, the software vulnerability "Hardcoded Password" (cwe-798 & cwe-259) is a vulnerability for IoT devices’ software (see: link1) and thick client software (see: link2, link3). When passwor… Continue reading What types of software can have "Hardcoded Password" vulnerability?
Digital Video Recorders(DVRs),security cameras,and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Continue reading VU#899080: Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials