The application creates a database connection with an empty password. This can lead to unauthorized access by either an internal or external malicious actor. To prevent this vulnerability, enforce authentication when connecting to a database by using environment variables to securely provide credentials or retrieving them from a secure vault or HSM (Hardware Security Module).

Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-287: Improper Authentication
OWASP:
- A07:2021 - Identification and Authentication Failures
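
The environment-variable remediation described above, sketched in Python as an added example (not code from the rule or from any particular driver). The variable names DB_HOST, DB_USER and DB_PASSWORD, the helper names, and the stand-in `fake_connect` are assumptions made for illustration.

```python
import os


class MissingCredentialError(RuntimeError):
    """Raised when a required database setting is absent or empty."""


def load_db_settings(env=None):
    """Read connection settings from the environment and fail closed.

    DB_HOST, DB_USER and DB_PASSWORD are assumed variable names.
    """
    env = os.environ if env is None else env
    settings = {}
    for key, var in (("host", "DB_HOST"), ("user", "DB_USER"),
                     ("password", "DB_PASSWORD")):
        value = env.get(var, "")
        # An unset variable and an empty string are both rejected, so a
        # missing secret can never degrade into password="".
        if not value.strip():
            raise MissingCredentialError(f"{var} is not set or is empty")
        settings[key] = value
    return settings


def open_connection(connect, env=None):
    """Call a DB-API style connect() only with validated credentials."""
    return connect(**load_db_settings(env))


# Pattern the finding describes (kept as a comment, not executed):
#   conn = connect(host="db.internal", user="app", password="")
# Hardened call, where `connect` is the driver's connect function:
#   conn = open_connection(driver.connect)


def fake_connect(**kwargs):
    # Constructed stand-in for a real driver so the example runs offline.
    return kwargs


if __name__ == "__main__":
    sample_env = {"DB_HOST": "db.example.test", "DB_USER": "app",
                  "DB_PASSWORD": "constructed-sample-value"}
    print(open_connection(fake_connect, sample_env)["user"])
    try:
        open_connection(fake_connect, {**sample_env, "DB_PASSWORD": ""})
    except MissingCredentialError as exc:
        print("refused:", exc)
```

Failing at startup when the secret is missing keeps a misconfigured deployment from silently connecting without authentication.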