Uploaded image for project: 'Rules Repository'
  1. Rules Repository
  2. RSPEC-2115

A secure password should be used when connecting to a database

    XMLWordPrintable

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Message:
      Use a secure password when connecting to this database.
    • Default Severity:
      Blocker
    • Impact:
      High
    • Likelihood:
      High
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      C#, C, C++, Go, JavaScript, Kotlin, Objective-C, Ruby, Rust, Scala, Swift, TypeScript, VB.Net
    • Covered Languages:
      Java, PHP, Python
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      45min
    • Analysis Level:
      Syntactic Analysis
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CWE:
      CWE-521
    • OWASP:
      A2, A3
    • FindBugs:
      DMI_EMPTY_DB_PASSWORD

      Description

      When relying on the password authentication mode for the database connection, a secure password should be chosen.

      This rule raises an issue when an empty password is used.

      See

        Attachments

          Issue Links

          1.
          PHP RSPEC-4717 Language-Specification Active Unassigned
          2.
          Java RSPEC-4718 Language-Specification Active Unassigned
          3.
          Python RSPEC-5577 Language-Specification Active Unassigned
          4.
          C# RSPEC-6155 Language-Specification Active Unassigned

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              ann.campbell.2 Ann Campbell
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated: