CWE-798 - Use of Hard-coded Credentials

Description

Knowledge of the hard-coded credentials let attackers to evade the authenticationand and be able to get sensitive patient information. To identify and especially fix the hole, created by the hard-coded credentials, system administrator should totally disable the product.
Two main variations are used.
Inbound: an authentication mechanism of software control and check all the input credentials, not allowing access to any hard-coded credentials.
Outbound: for connection with another system or component software uses hard-coded credentials, containing in that component.
Using of hard-coded passwords helps attackers to cause resource functionality exposure, breach of sensitive information or even arbitrary code execution.
The weakness is intoduced during Architecure and Design stage.

Latest vulnerabilities for CWE-798

Use of hard-coded credentials in Microsoft Azure AI Search 2024-04-09
Low Yes

Multiple vulnerabilities in D-Link routers 2024-04-08
Critical No

Multiple vulnerabilities in NEC Aterm series 2024-04-05
Medium Yes

Multiple vulnerabilities in Elspec G5 digital fault recorder 2024-03-21
High Yes

Use of hard-coded credentials in Chirp Systems Chirp Access 2024-03-08
High No

Use of hard-coded credentials in Schneider Electric EcoStruxure IT Gateway 2024-02-23
Low Yes

Use of hard-coded credentials in Siemens Location Intelligence 2024-02-14
High Yes

Multiple vulnerabilities in Allegra 2024-02-13
High Yes

Use of hard-coded credentials in IBM Security Verify Governance 2024-02-05
High Yes

Multiple vulnerabilities in MachineSense FeverWarn 2024-01-26
High No

References

Description of CWE-798 on Mitre website