Missing authentication for database

Overview

Rule ID: java_lang_missing_database_authentication
Applicable Languages: Java
Weakness ID: CWE-306

Description

Your database faces significant risk without proper authentication mechanisms. This vulnerability exposes it to unauthorized access and potential security breaches.

Remediation Guidelines

Ensure your database server is configured with recommended authentication settings, including strong usernames and passwords.
Implement a key management system to securely handle and store your passwords.

References

OWASP Authentication Cheat Sheet
CWE-306: Missing Authentication for Critical Function
OWASP Top 10: A07:2021 - Identification and Authentication Failures

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousLeakage of sensitive information in logger message NextMissing database password detected

Last updated 3 months ago