The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Likelihood: LOW Confidence: MEDIUM CWE: - CWE-319: Cleartext Transmission of Sensitive Information
named-credentials-string-match
Named Credentials (and callout endpoints) should be used instead of hard-coding credentials. 1. Hard-coded credentials are hard to maintain when mixed in with application code. 2. It is particularly hard to update hard-coded credentials when they are used amongst different classes. 3. Granting a developer access to the codebase means granting knowledge of credentials, and thus keeping a two-level access is not possible. 4. Using different credentials for different environments is troublesome and error-prone. Likelihood: LOW Confidence: HIGH CWE: - CWE-540: Inclusion of Sensitive Information in Source Code
named-credentials-constant-match
Named Credentials (and callout endpoints) should be used instead of hard-coding credentials. 1. Hard-coded credentials are hard to maintain when mixed in with application code. 2. It is particularly hard to update hard-coded credentials when they are used amongst different classes. 3. Granting a developer access to the codebase means granting knowledge of credentials, and thus keeping a two-level access is not possible. 4. Using different credentials for different environments is troublesome and error-prone. Likelihood: LOW Confidence: HIGH CWE: - CWE-540: Inclusion of Sensitive Information in Source Code