CWE-259: Use of Hard-coded Password

VariantDraftExploit Likelihood: High

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

View on MITRE

Back to CWE Lookup

Extended Description

There are two main variations of a hard-coded password: Inbound: the product contains an authentication mechanism that checks for a hard-coded password. Outbound: the product connects to another system or component, and it contains a hard-coded password for connecting to that component.

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-259

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references