CWE • Base • Draft • 20 recent CVEs
CWE-798: Use of Hard-coded Credentials
Description
The product contains hard-coded credentials, such as a password or cryptographic key.
Common consequences
- Access Control → Bypass Protection Mechanism
- Integrity, Confidentiality, Availability, Access Control, Other → Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Other
Potential mitigations
- Architecture and Design: For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password or key.
- Architecture and Design: If the product must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection.
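
The "first login" mode from the inbound-authentication mitigation above, sketched as an added example (not code from the CWE entry). The `AdminAccount` class, the `SetupRequired` exception, the 12-character minimum and the predictability checks are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12  # assumed policy threshold, not taken from the CWE entry


class SetupRequired(Exception):
    """Raised when login is attempted before a credential has been set."""


class AdminAccount:
    """Hypothetical admin account that ships with no credential at all."""

    def __init__(self):
        self._salt = None  # generated per install, never baked into the image
        self._hash = None  # None means the product is still in first-login mode

    @property
    def needs_setup(self):
        return self._hash is None

    @staticmethod
    def _derive(password, salt):
        # Memory-hard KDF so the stored verifier resists offline guessing.
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

    def complete_first_login(self, username, password):
        """Accept the operator's own password exactly once."""
        if not self.needs_setup:
            raise PermissionError("setup already completed")
        weak = (len(password) < MIN_LENGTH
                or username.lower() in password.lower()
                or len(set(password)) < 6)
        if weak:
            raise ValueError("password rejected: too short or too predictable")
        self._salt = os.urandom(16)
        self._hash = self._derive(password, self._salt)

    def authenticate(self, password):
        """No shipped default exists, so nothing authenticates before setup."""
        if self.needs_setup:
            raise SetupRequired("set a unique password before first use")
        return hmac.compare_digest(self._hash, self._derive(password, self._salt))
```

Because the verifier and salt are created at setup time, two installs of the same image never share a credential, and there is no default value to recover from the firmware or source.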
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-11414, 2026-06-05
- CVE-2025-71317, score 9.8, 2026-06-05
- CVE-2026-21404, score 6.3, 2026-06-04
- CVE-2026-50213, score 7.5, 2026-06-04
- CVE-2026-49204, score 6.5, 2026-06-04
- CVE-2026-8876, score 7.3, 2026-06-03
- CVE-2026-36616, score 5.9, 2026-06-03
- CVE-2026-36606, score 7.1, 2026-06-03
- CVE-2019-25722, score 7.6, 2026-06-02
- CVE-2026-42251, 2026-06-01
- CVE-2026-25600, score 6.4, 2026-06-01
- CVE-2026-44825, score 8.1, 2026-06-01
- CVE-2026-42929, score 8.3, 2026-05-29
- CVE-2026-7786, score 9.8, 2026-05-29
- CVE-2026-45631, score 10.0, 2026-05-29
- CVE-2026-46376, score 9.8, 2026-05-29
- CVE-2026-49323, score 4.3, 2026-05-29
- CVE-2026-49201, score 9.8, 2026-05-29
- CVE-2026-45039, score 9.8, 2026-05-28
- CVE-2026-24444, score 9.8, 2026-05-28