The analyzer has detected that an empty password was used when connecting to a database. An empty password provides no protection for the account, which can lead to unauthorized data access.
This vulnerability can be categorized under the OWASP Top 10 2021 classification as follows:
An example of an insecure configuration:
var dataSource = new PGSimpleDataSource();
dataSource.setDatabaseName("db");
dataSource.setUser("server");
dataSource.setPassword("");
// ....
Access parameters in the workspace should fulfill the following requirements:
The fixed code:
var dataSource = new PGSimpleDataSource();
dataSource.setDatabaseName("db");
dataSource.setUser(System.getProperty("db.user"));
dataSource.setPassword(System.getProperty("db.password"));
// ....
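System.getProperty returns null when a property is not set, so externalized credentials should still be validated before use. The following is an added example, not part of the original documentation: the class name DataSourceFactory and the helper requireProperty are hypothetical, and it assumes the PostgreSQL JDBC driver is on the classpath and Java 11 or later.

```java
import javax.sql.DataSource;
import org.postgresql.ds.PGSimpleDataSource;

// Hypothetical factory (added example): builds the data source only when
// both credentials are actually supplied at startup.
public final class DataSourceFactory {

    private DataSourceFactory() {
    }

    // Reads a required system property and rejects null, empty and
    // whitespace-only values, so a forgotten -Ddb.password=... fails fast
    // instead of silently turning into an empty password.
    static String requireProperty(String key) {
        String value = System.getProperty(key);
        if (value == null || value.isBlank()) {
            throw new IllegalStateException(
                "Required property '" + key + "' is not set or is empty");
        }
        return value;
    }

    public static DataSource create() {
        var dataSource = new PGSimpleDataSource();
        dataSource.setDatabaseName("db");
        dataSource.setUser(requireProperty("db.user"));
        dataSource.setPassword(requireProperty("db.password"));
        return dataSource;
    }

    public static void main(String[] args) {
        try {
            create();
            System.out.println("Data source configured");
        } catch (IllegalStateException e) {
            // Reached when db.user or db.password is missing or blank.
            System.err.println("Refusing to start: " + e.getMessage());
            System.exit(1);
        }
    }
}
```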
This diagnostic is classified as: