brunojensen / chainsaw-kube

minikube with spring-boot, quarkus, keycloak and helm.

Possible security issue: hard-coded password #29

Open akondasif opened 4 years ago

akondasif commented 4 years ago

Greetings,

We are security researchers and we are looking for insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of hard-coded passwords. According to CWE, "A hard-coded password typically leads to a significant authentication failure that can be difficult for the system administrator to detect."

Hopefully, you agree and will fix it.

Source: https://github.com/brunojensen/chainsaw-kube/blob/master/chainsaw-user-service/src/main/resources/application.yaml

brunojensen commented 4 years ago

It definitely isn't correct to have hard-coded passwords. Actually, this is a "non-production ready" project and I'm trying to improve it from time to time. So I will keep your issue open for a while, but my intention is to fix it at some point.

Thanks for your comments.
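
An added example, not part of the issue thread or the repository's code: a small check that flags credential keys in a Spring Boot `application.yaml` whose value is a literal, or a `${VAR:default}` placeholder that still embeds a literal default. The key-name pattern and the sample YAML are constructed for illustration and are not the contents of the file linked above.

```python
import re

# Key names treated as credentials (an assumed naming convention).
SECRET_KEY = re.compile(r"(password|passwd|secret|credentials)", re.I)
# Spring property placeholder: ${NAME} or ${NAME:default}
PLACEHOLDER = re.compile(r"^\$\{([^}:]+)(?::(.*))?\}$")
LINE = re.compile(r"^(\s*)([A-Za-z0-9_.-]+):\s*(.*)$")

# Constructed sample input, not taken from the repository.
SAMPLE = """\
spring:
  datasource:
    url: jdbc:postgresql://db:5432/users
    username: app
    password: changeme
keycloak:
  credentials:
    secret: ${KEYCLOAK_SECRET}
admin:
  password: "${ADMIN_PASSWORD:admin}"
"""

def find_hardcoded_secrets(yaml_text):
    """Return [(line_no, dotted_key, reason)] for credential keys holding literals."""
    findings, stack = [], []  # stack: (indent, key) of the enclosing mappings
    for no, raw in enumerate(yaml_text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue  # comments, list items, blank lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        value = re.sub(r"\s+#.*$", "", value).strip().strip("'\"")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # left a nested mapping
        path = ".".join([k for _, k in stack] + [key])
        if not value:
            stack.append((indent, key))  # key opens a nested mapping
            continue
        if not SECRET_KEY.search(key):
            continue
        ph = PLACEHOLDER.match(value)
        if ph is None:
            findings.append((no, path, "literal value"))
        elif ph.group(2):
            findings.append((no, path, "placeholder with literal default"))
    return findings

if __name__ == "__main__":
    for finding in find_hardcoded_secrets(SAMPLE):
        print(finding)
```

A value written as `${KEYCLOAK_SECRET}` passes because the secret is resolved from the environment at startup, for example from a Kubernetes Secret exposed to the pod as an environment variable.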