Use of Hard-coded Password

From Guidance Share
Revision as of 05:06, 7 August 2007 by GardenTender (talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to navigationJump to search


The use of a hard-coded password increases the possibility of password guessing tremendously.

Applies To

  • Languages: All
  • Operating platforms: All


The following example shows a hardcoded password compare:

int VerifyAdmin(char *password) {
if (strcmp(password,”68af404b513073584c4b6f22b6c63e6b”)) {
printf(“Incorrect Password!\n”);


  • Authentication: If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question.


  • Reliance on a hard-coded password


Design / Implementation: Ensure that strong, non-reversible encryption is used to protect stored passwords. This mechanism should be used both on disk and when the password is stored in memory.

Vulnerability Patterns

How Tos