CWE-798 - Use of Hard-coded Credentials

  • 摘要:Base
  • 结构:Simple
  • 状态:Draft
  • 发布日期:2010-02-16
  • 更新日期:2025-12-11

名称

Use of Hard-coded Credentials

描述

The product contains hard-coded credentials, such as a password or cryptographic key.

There are two main variations:

常见后果

范围:Access Control

影响:Bypass Protection Mechanism

注释:If hard-coded passwords are used, it is almost certain that malicious users will gain access to the account in question. Any user of the product that hard-codes passwords may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extraction of a password from a binary is usually very simple.

范围:Integrity, Confidentiality, Availability, Access Control, Other

影响:Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Other

注释:This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of this password can access the product. Finally, since all installations of the product will have the same password, even across different organizations, this enables massive attacks such as worms to take place.

相关 CWE