CWE-798 Use of Hard-coded Credentials: vulnerability list (582)

Summary of the 582 CVE vulnerabilities in the weakness class CWE-798 Use of Hard-coded Credentials, with AI-generated Chinese analysis.

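CWE-798 is the hard-coded credentials weakness: the software has a password or key written directly into its code. An attacker can extract these fixed credentials through reverse engineering and use them to bypass the authentication mechanism and gain unauthorized access. To avoid this risk, developers should never hard-code sensitive information in code and should instead store credentials dynamically, using environment variables, a key management system or a configuration database, so that credentials are kept separate from the code and the system is more secure.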

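MITRE CWE official description
CWE: CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key. There are two main variations:

Inbound: the product contains an authentication mechanism that checks the input credentials against a hard-coded set of credentials. In this variant, a default administration account is created, and a simple password is hard-coded into the product and associated with that account. This hard-coded password is the same for each installation of the product, and it usually cannot be changed or disabled by system administrators without manually modifying the program or patching the product. It is also difficult for the administrator to detect.

Outbound: the product connects to another system or component, and it contains hard-coded credentials for connecting to that component. This variant applies to front-end systems that authenticate with a back-end service. The back-end service may require a fixed password that can be easily discovered. The programmer may simply hard-code those back-end credentials into the front-end product.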
Common Consequences (2)
Access Control · Bypass Protection Mechanism
If hard-coded passwords are used, it is almost certain that malicious users will gain access to the account in question. Any user of the product that hard-codes passwords may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extracti…
Integrity, Confidentiality, Availability, Access Control, Other · Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Other
This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even the ability to execute arbitrary code. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of thi…
Mitigations (5)
Architecture and Design · For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as …
Architecture and Design · For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password or key.
Architecture and Design · If the product must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection.
Architecture and Design · For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash. Use ra…
Architecture and Design · For front-end to back-end connections: Three solutions are possible, although none are complete. The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals. Next, the passwords or keys should be limited at th…
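The first mitigation above (outbound credentials kept in a restrictively permissioned file outside the code), shown as an added example that is not part of the CWE entry or of this page's original content. The names `load_credential` and `demo_check`, the temp-file path and the sample secret are hypothetical and constructed for the illustration; the code assumes a POSIX system.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Load a back-end password from a file kept outside the code. Returns -1 if the
 * file cannot be opened, is not a regular file owned by the current user, is
 * accessible to group or others, or is empty or oversized; 0 on success. */
int load_credential(const char *path, char *buf, size_t buflen)
{
    struct stat st;
    ssize_t n;
    int fd;
    if (buflen < 2 || (fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC)) < 0)
        return -1;
    /* fstat() the open descriptor so the check and the read see the same file. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid() ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    n = read(fd, buf, buflen - 1);
    close(fd);
    if (n <= 0 || (size_t)n == buflen - 1)   /* error, empty, or maybe truncated */
        return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\r\n")] = '\0';        /* drop the trailing newline */
    return buf[0] != '\0' ? 0 : -1;
}

/* Constructed self-check: sample secret in a temp file with the given mode;
 * returns load_credential()'s verdict, -2 on setup failure, -3 on mismatch. */
int demo_check(mode_t mode)
{
    char path[] = "/tmp/credXXXXXX", out[64] = "";
    const char secret[] = "constructed-sample-secret\n";
    int fd = mkstemp(path), rc = -2;
    if (fd < 0)
        return rc;
    if (write(fd, secret, sizeof secret - 1) > 0 && fchmod(fd, mode) == 0)
        rc = load_credential(path, out, sizeof out);
    close(fd);
    unlink(path);
    return (rc == 0 && strcmp(out, "constructed-sample-secret") != 0) ? -3 : rc;
}

int main(void) { printf("%d %d\n", demo_check(0600), demo_check(0644)); return 0; }
```

Refusing to start when the file is group- or world-accessible turns a silent misconfiguration into a visible failure, which is what lets an administrator rotate the credential without touching the binary.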
Code Examples (2)
The following code uses a hard-coded password to connect to a database:
... DriverManager.getConnection(url, "scott", "tiger"); ...
Bad · Java
    javap -c ConnMngr.class
    22: ldc #36; //String jdbc:mysql://ixne.com/rxsql
    24: ldc #38; //String scott
    26: ldc #17; //String tiger
Attack
The following code is an example of an internal hard-coded password in the back-end:
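    #include <stdio.h>
    #include <string.h>

    int VerifyAdmin(char *password) {
        /* The admin password is a literal compiled into the binary. */
        if (strcmp(password, "Mew!")) {
            printf("Incorrect Password!\n");
            return(0);
        }
        printf("Entering Diagnostic Mode...\n");
        return(1);
    }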
Bad · C
    int VerifyAdmin(String password) {
        // The admin password is a literal stored in the class file.
        if (!password.equals("Mew!")) {
            return(0);
        }
        // Diagnostic Mode
        return(1);
    }
Bad · Java
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2017-9656 | Philips DoseWise Portal security vulnerability — DoseWise Portal | 9.1 | - | 2018-04-24 |
| CVE-2018-0150 | Cisco IOS XE Software security vulnerability — Cisco IOS XE | 9.8 | - | 2018-03-28 |
| CVE-2018-5551 | DocuTrac QuicDoc and Office Therapy DTISQLInstaller.exe security vulnerability — DTISQLInstaller.exe | 10.0 | - | 2018-03-19 |
| CVE-2018-0141 | Cisco Prime Collaboration Provisioning Software security vulnerability — Cisco Prime Collaboration Provisioning | 7.8 | - | 2018-03-08 |
| CVE-2017-12350 | Cisco Umbrella Insights Virtual Appliances security vulnerability — Cisco Umbrella Insights Virtual Appliance | 8.2 | - | 2017-11-16 |
| CVE-2017-14027 | Security vulnerability in multiple Korenix products — Korenix JetNet | 9.8 | - | 2017-11-01 |
| CVE-2017-12317 | Cisco AMP For Endpoints application security vulnerability — Cisco AMP for Endpoints | 7.8 | - | 2017-10-21 |
| CVE-2017-12709 | Security vulnerability in multiple Westermo devices — Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455 | 6.6 | - | 2017-08-25 |
| CVE-2017-3222 | AmosConnect 8 security vulnerability — AmosConnect | 9.8 | - | 2017-07-22 |
| CVE-2014-9198 | Duplicate identifier — ETG3000 FactoryCast HMI Gateway | 9.8 | - | 2015-01-27 |
| CVE-2014-2350 | Emerson DeltaV trust management vulnerability — DeltaV | 9.8 | - | 2014-05-22 |
| CVE-2012-6428 | Carlo Gavazzi EOS-BOX security bypass vulnerability — EOS-Box | 9.8 | - | 2012-12-23 |

CWE-798 (Use of Hard-coded Credentials) is a common weakness category; this platform lists 582 CVE vulnerabilities associated with it.