Description: Hardcoded password is nothing but a plaintext password used in the application source code as it is one of the easiest ways to use password for authentication as required to connect and communicate with database or other systems.
Impact: Anyone having access to the source code can access the password value and can gain access to systems such as database or other systems.
How to Fix:
- Consider storing passwords in a configuration file and restrict access to that file. Ensure that only authorized users can view and change the password from this configuration file.
- Restrict access to all files/systems that store credentials such as configuration files or databases.
- Do not display default accounts in application source code, instead use strong hashing techniques to obfuscate hardcoded password.
