High-entropy string assignment that may contain a hardcoded secret

c.miscellaneous.high_entropy_assignment

Severity

low

Resource

Miscellaneous

Language

C / C++

Description

Entropy, or randomness, is a common approach for detecting secret strings. If an assignment has high entropy, it might involve a secret that should not be accessible to users.

Rationale

Entropy, or randomness, is a common approach for detecting secret strings. If an assignment has high entropy, it might involve a secret that should not be accessible to users.

The following code illustrates a vulnerable pattern detected by this rule:

int hush_hush()
{
	// VULNERABLE: High-entropy string assignment that may contain a hardcoded secret
	char *secret = "d3a447630194bd4b";

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.

Configuration

This detector does not need any configuration.

References

CWE-540
OWASP Top 10 2021 - A02 : Cryptographic Failures.