Caute_cautim
Community Champion

Who in their right minds would set hardcoded passwords?

Hi All

Did they bypass the change management process, or was it someone who called themselves a cybersecurity professional?

 

https://www.bleepingcomputer.com/news/security/critical-gitlab-vulnerability-lets-attackers-take-ove...

Regards

Caute_Cautim

2 Replies
dcontesti
Community Champion

I have worked in environments where some folks do hardcode passwords into applications, regardless of the warnings, begging, wringing of hands, etc. They believe they know better and that THEY WILL NEVER be a target.

It is unfortunate that this happens throughout IT/OT/ICS, etc.

When found by auditors, there is always a promise to change, but as soon as the auditors are out of earshot... guess what, it happens again and they hardcode the password once more.

Would love to hear how others have handled this in the past.

 

d

JKWiniger
Community Champion

I think this is a prime example of when a company needs to be fined!

There are so many other ways; how about an IAM access token?

With a lot of the cloud environments the developers don't even know or have access to the passwords, because it is handled automatically on the back end.

John-
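The thread asks how others have handled this and points at token- or platform-managed credentials as the alternative. As an added example (not code from this thread or from any of its authors), here is a small Python check of the kind an audit script or pre-commit hook can run over source to flag credential-looking variables that are assigned string literals, beside a loader that takes the secret from the environment the platform populates and refuses to start without it. The sample source, the variable names and the function names are constructed for this illustration; the regex is a heuristic and will miss obfuscated, concatenated or base64-wrapped values.

```python
import os
import re

# Constructed sample source of the kind an audit turns up (not code from the thread).
SAMPLE_SOURCE = '''\
import os

DB_HOST = "db.internal"                       # plain config: not a secret
DB_PASSWORD = "Summer2023!"                   # literal credential: flagged
api_key = 'sk-constructed-example-key'        # literal credential: flagged
db_password = os.environ["DB_PASSWORD"]       # read at runtime: not flagged
token = get_token()                           # not a string literal: not flagged
'''

# Heuristic: an identifier that names a credential, assigned a non-empty string literal.
# Matches Python/JS-style `name = "..."` and JSON/YAML-style `"name": "..."` on one line.
HARDCODED_SECRET = re.compile(
    r'''^\s*["']?(?P<name>\w*(?:password|passwd|pwd|secret|api_?key|token)\w*)["']?'''
    r'''\s*[:=]\s*(?P<quote>["'])(?P<value>[^"']+)(?P=quote)''',
    re.IGNORECASE,
)


def find_hardcoded_secrets(source):
    """Return [(line_number, variable_name), ...] for lines that assign a
    credential-like variable from a string literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        match = HARDCODED_SECRET.match(line)
        if match:
            findings.append((line_no, match.group("name")))
    return findings


def load_secret(name, env=None):
    """Hardened counterpart: fetch a credential from the process environment
    (populated by the platform's secret store at deploy time) and refuse to
    start if it is missing, rather than falling back to a built-in default."""
    env = os.environ if env is None else env
    value = env.get(name)
    if not value:
        raise LookupError(f"required secret {name!r} is not set; refusing to start")
    return value


if __name__ == "__main__":
    for line_no, name in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {line_no}: {name} is assigned a string literal")
```

Run against the constructed sample it reports lines 4 and 5 only; the `os.environ` lookup and the function call pass, which is the shape the application code should take once the literal is moved into the platform's secret store.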