NormanWenzelWSS / Webgoat-2


Security Dashboard: Hard-coded Credentials (CWE 798) - 3 vulnerabilities detected #3

Open NormanWenzelWSS opened 2 years ago

NormanWenzelWSS commented 2 years ago

WhiteSource SAST Security Report for Hard-coded Credentials (CWE 798)

  • Latest Scan: 2022-03-02 07:30pm
  • New Vulnerabilities: 1
  • Total Vulnerabilities: 3
  • Scan URL: WhiteSource SAST

Vulnerability Description

The application contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Compliance Standard Violations

Vulnerabilities

| File | Line | Severity | Remediation Available |
| --- | --- | --- | --- |
| org/owasp/webgoat/template/SampleAttack.java | 48 | Low | |
| org/owasp/webgoat/spoofcookie/SpoofCookieAssignmentTest.java | 93 | Low | |
| org/owasp/webgoat/missing_ac/MissingFunctionAC.java | 32 | Low | |

Details

org/owasp/webgoat/template/SampleAttack.java:45

### Snippet

```Java
public class SampleAttack extends AssignmentEndpoint {

    String secretValue = "secr37Value";
```

### Remediation Recommendations

  • Store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key. If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible.

### Suppressed Vulnerabilities

None