Hi All
Did they bypass the change management process or was it someone who called themselves a cybersecurity professional?
Regards
Caute_Cautim
I have worked in environments where some folks do hardcode passwords into applications, regardless of the warnings, begging, wringing of hands, etc. They believe they know better and that THEY WILL NEVER be a target.
It is unfortunate that this happens throughout IT/OT/ICS, etc.
When found by auditors, there is always a promise to change, but as soon as the auditors are out of earshot... guess what, it happens again and they hardcode the password once again.
Would love to hear how others have handled this in the past
d
I think this is a prime example of when a company needs to be fined!
There are so many other ways, how about an IAM access token?
With a lot of the cloud environments the developers don't even know or have access to the passwords because it is handled automatically on the back end.
John-