SFP Secondary Cluster: Hardcoded Sensitive Data
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Hardcoded Sensitive Data cluster (SFP33).
Using an empty string as a password is insecure.
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or sec...
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).