Missing database password detected

Overview

• Rule ID: java_lang_empty_database_password

• Applicable Languages: Java

• Weakness ID: CWE-306

Description

Leaving a database password empty exposes the database to unauthorized access and manipulation. Implementing strong authentication measures is crucial to safeguard database content.

Remediation Guidelines

• Do not configure database servers without setting a password, as this leaves the database vulnerable to unauthorized access.

• Adopt secure password management practices. Use a Key Management Service (KMS) to handle database passwords securely, ensuring they are not exposed in application code or configuration files.

References

• OWASP hardcoded passwords

• CWE-306: Missing Authentication for Critical Function

• OWASP Top 10: A07:2021 - Identification and Authentication Failures

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL