
v2 -> v4 Migration (#128) #143


GitHub Actions / AppScan CodeSweep #1 failed Jan 18, 2024 in 0s

Password stored in Java String object

Identified by HCL AppScan CodeSweep
Vulnerability: Authentication.Credentials.Unprotected
Severity: Medium

Details

Authentication.Credentials.Unprotected

Cause

When the application transmits or stores authentication credentials, it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Attackers are potentially able to bypass authentication mechanisms, hijack a victim's account, and obtain the role and respective access level of the accounts.

Fix recommendation

Protect all authentication credentials at all times. Transmit authentication credentials only over secure channels such as SSL/TLS, and store them in encrypted form.

Copyright © 2021, 2023 HCL Technologies Limited

Annotations

Check warning on line 33 in src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java


github-actions / AppScan CodeSweep #1

Password stored in Java String object

Vulnerability: Authentication.Credentials.Unprotected [Severity: Medium]
Raw output
{"file":"DASTConstants.java","filePath":"src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTConstants.java","lineNumber":33,"columnNumber":0,"language":"Java","vulnName":"Password stored in Java String object","vulnType":"Authentication.Credentials.Unprotected","ruleName":"com.hcl.appscan.scanner.java.rules.PasswordInStringJava","context":"String PASSWORD","severity":1,"codeFixes":[],"hashValues":{"0":-1306276361,"1":-1306276361,"2":1915874415,"3":1915874415,"4":1504594402,"5":1504594402}}