Support
Dashboard
Dashboard

Join Community

Start Here

What is CodeAnt?

Setup

Github
Bitbucket
Gitlab
Azure Devops

Pull Request Review

Features
Customize Review
Quality Gates
Integrations

Scan center

Code Security
Code Quality
Cloud Security
Engineering Productivity

Integrations

Jira
Test Coverage
CI/CD

IDE

Setup
Review
Enhancements

Rule Reference

Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
  - Aws-lambda
  - Gin
  - Gorilla
  - Gorm
  - Grpc
  - Jwt-go
  - Lang
  - Net
  - Otto
  - Secrets
    - Gorilla
    - Gorm
    - Mongodb
    - Mysql
    - Oauth2
    - Openai
    - Pg
      - Pg-empty-password
        Pg empty password
      - Pg-hardcoded-secret
    - Pgx
    - Ssh
  - Template
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml

Resources

Open Source
Blogs

Pg-empty-password

Pg empty password

pg-empty-password

The application uses an empty credential. This can lead to unauthorized access by either an internal or external malicious actor. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures

Openai hardcoded secret Pg hardcoded secret

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.