Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Android
- Aws-lambda
- Castor
- Java-jwt
- Jax-rs
- Jboss
- Jdo
- Jedis
- Jjwt
- Jsch
- Kryo
- Lang
- Audit
- Correctness
- Security
- Security
- Audit
- Audit
- Crypto
- Net
- Http
- Base64-encoded-hardcoded-secret
- Httprequest-hardcoded-secret-in-request-header
- Passwordauthentication-hardcoded-password
- Urlconnection-hardcoded-secret-in-request-header
- Properties
- Sql
- System
- Xxe
- Micronaut
- Mongo
- Mongodb
- Mysql
- Okhttp
- Rmi
- Servlets
- Spring
- Thymeleaf
- Xstream
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Base64-encoded-hardcoded-secret
Base64 encoded hardcoded secret
A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. Use environment variables to securely provide credentials and other secrets or retrieve them from a secure vault or Hardware Security Module (HSM).
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-798: Use of Hard-coded Credentials
OWASP:
- A07:2021 - Identification and Authentication Failures