CWE-259 - Use of Hard-coded Password


Because it is difficult for a system administrator to detect and fix an authentication failure caused by the use of a hard-coded password, such a failure can lead to the product being disabled completely. Such problems may cause a system vulnerability that allows attackers to gain access to data. The software can apply a hard-coded password in two variants:
1. The inbound variant is used for inbound authentication to the software. This password can't be changed by the system administrator and remains identical across all installations of the product. Because the password is always the same, its disclosure increases the number of attacks.
2. The outbound variant is used to set up a connection with another system or component. As it is usually fixed and not complete, any user of the program can easily discover it.
The weakness is introduced during the Implementation, Architecture and Design stages.
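The two variants can be told apart in source code. The following is an added example, not part of the original page: a heuristic static check over Python source that flags a password compared with a string literal (inbound) and a string literal passed as a password-like keyword argument (outbound). The name pattern, function names and sample source are constructed for illustration.

```python
import ast
import re

# Assumed heuristic: identifiers that usually hold a password.
PASSWORD_NAME = re.compile(r"passw(or)?d|passwd|pwd", re.IGNORECASE)

def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and node.value != ""

def _identifier(node):
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return ""

def find_hardcoded_passwords(source):
    """Return sorted (line, variant) findings for CWE-259 patterns."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Compare):
            # Inbound: a supplied password is compared with a literal.
            operands = [node.left] + node.comparators
            has_literal = any(_is_str_literal(o) for o in operands)
            has_pw_name = any(PASSWORD_NAME.search(_identifier(o)) for o in operands)
            if has_literal and has_pw_name:
                findings.append((node.lineno, "inbound"))
        elif isinstance(node, ast.Call):
            # Outbound: a literal is passed as a password-like keyword argument.
            for kw in node.keywords:
                if kw.arg and PASSWORD_NAME.search(kw.arg) and _is_str_literal(kw.value):
                    findings.append((node.lineno, "outbound"))
    return sorted(findings)

# Constructed sample input (not from any real product).
SAMPLE = '''
def login(user, password):
    if password == "Sup3rAdmin!":
        return True
    return False

def connect(db):
    return db.connect(host="db.example", user="app", password="dbpass123")

def connect_ok(db, env):
    return db.connect(host="db.example", user="app", password=env["DB_PASSWORD"])
'''

if __name__ == "__main__":
    for line, variant in find_hardcoded_passwords(SAMPLE):
        print(f"line {line}: {variant} hard-coded password")
```

The call in `connect_ok` is not flagged because its password is read from a mapping supplied at run time rather than embedded in the code.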

Description of CWE-259 on the MITRE website