openlab-red/quarkus-mtls-quickstart

Possible security issue: hard-coded password

akondasif opened this issue · 3 comments

Greetings,

We are security researchers, and we are looking for insecure coding patterns and configurations in microservice architecture repositories. In your repository, we have found instances of hard-coded passwords. According to CWE, "A hard-coded password typically leads to a significant authentication failure that can be difficult for the system administrator to detect."

Hopefully, you agree and will fix it.

Source: https://github.com/openlab-red/quarkus-mtls-quickstart/blob/master/quarkus-server-mtls/src/main/resources/application.properties and https://github.com/openlab-red/quarkus-mtls-quickstart/blob/master/quarkus-client-mtls/src/main/resources/application.properties

Thanks @akondasif, but it's a showcase application, not a production-grade application. I will make a note in the properties file.

Just for your information, the "hard-coded" value can be used for local development, and all those properties can be overridden at runtime with an external configuration file.

Where can I open an issue against your bunch of scripts to make them smarter?
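What the override described above looks like in practice, as an added example rather than configuration taken from the quarkus-mtls-quickstart repository: the first section mirrors the committed-password pattern the issue reports in quarkus-server-mtls/src/main/resources/application.properties, the second uses the same Quarkus TLS keys but resolves the secrets from the environment at startup. The `quarkus.http.ssl.*` key names are real Quarkus configuration properties; the keystore file names, the `changeit` value and the `KEYSTORE_PASSWORD` / `TRUSTSTORE_PASSWORD` variable names are constructed for this example.

```properties
# --- Before: quarkus-server-mtls/src/main/resources/application.properties ---
# The keystore and truststore passwords are literal values committed to git.
# Anyone with read access to the repository (or to the built jar) has them,
# and rotating them means a new commit and a new build.
quarkus.http.ssl.certificate.key-store-file=META-INF/resources/server.keystore
quarkus.http.ssl.certificate.key-store-password=changeit
quarkus.http.ssl.certificate.trust-store-file=META-INF/resources/server.truststore
quarkus.http.ssl.certificate.trust-store-password=changeit
quarkus.http.ssl.client-auth=required

# --- After: same file, secrets resolved at runtime ---
# ${NAME} is MicroProfile Config / SmallRye expression syntax: the value is
# taken from any config source, including the KEYSTORE_PASSWORD environment
# variable. With no ":default" suffix, startup fails if the variable is unset,
# so a missing secret is a loud error instead of a silent fallback to "changeit".
quarkus.http.ssl.certificate.key-store-file=${KEYSTORE_FILE:META-INF/resources/server.keystore}
quarkus.http.ssl.certificate.key-store-password=${KEYSTORE_PASSWORD}
quarkus.http.ssl.certificate.trust-store-file=${TRUSTSTORE_FILE:META-INF/resources/server.truststore}
quarkus.http.ssl.certificate.trust-store-password=${TRUSTSTORE_PASSWORD}
quarkus.http.ssl.client-auth=required

# Local development keeps working by exporting the two variables in the shell
# or in an untracked .env file next to the project; nothing secret is committed.
```

Two further override paths exist without touching the packaged file at all: Quarkus maps every property to an environment variable by upper-casing it and replacing dots and dashes with underscores (so `QUARKUS_HTTP_SSL_CERTIFICATE_KEY_STORE_PASSWORD=...` on the command line wins over the value in the jar), and a `config/application.properties` placed in the working directory of the running application takes precedence over the one bundled in `src/main/resources`. For a showcase like this one, the minimal defensive step is the `${VAR}` form above: the repository still documents which settings mTLS needs, but it no longer ships a password that a scanner, or a reader, can lift verbatim.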

@akondasif

Thanks for the feedback.

Where can I open an issue against your bunch of scripts to make them smarter?

As soon as our paper is peer-reviewed, we will make our tool open source and let the community make the tool better :)

Awesome! You should consider publishing under OpenAccess.