Possible security issue: hard-coded password #7
Comments
|
There is nothing to fix. These are placeholder property files for developers to signal to ops teams what externalized properties exists are settable for a real deployment on a runtime environment. On the contrary they are not hard coded. |
|
We will update our scanner. Thanks for the feedback. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Greetings,
We are security researchers and we are looking for insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of hard-coded passwords. According to CWE, "A hard-coded password typically leads to a significant authentication failure that can be difficult for the system administrator to detect."
Hopefully, you agree and will fix it.
Source: https://github.com/lbroudoux/chuck-norris-streams/blob/master/chuck-norris-filter-camel/src/main/resources/application-dev.properties and https://github.com/lbroudoux/chuck-norris-streams/blob/master/chuck-norris-filter-camel/src/main/resources/application.properties
The text was updated successfully, but these errors were encountered: