Authentication

ID: ruby.checksecrets

Severity: high

Resource: Authentication

Language: Ruby

Description

Insecure authentication occurs when authentication credentials, such as passwords, are transmitted over an insecure channel, such as HTTP, making them vulnerable to interception.

Rationale

Checks for secrets stored in source code.

Remediation

To remediate this vulnerability, ensure that all sensitive information is transmitted over secure channels such as HTTPS. This ensures that the data is encrypted in transit.
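The following Ruby sketch is an added example, not part of the detector or its documentation. It shows one way to apply the remediation: refuse to attach credentials to any request whose URL is not HTTPS, and read the credentials from the environment rather than from source code. The names `build_authenticated_request`, `credentials_from_env`, `InsecureTransportError`, the `API_USER`/`API_PASSWORD` variables and the URL used to exercise it are hypothetical.

```ruby
require "net/http"
require "uri"
require "openssl"

# Raised when a caller tries to send credentials over a cleartext channel.
# (Hypothetical name, introduced for this example.)
class InsecureTransportError < StandardError; end

# Reads credentials from the environment (or any Hash-like object) instead of
# hardcoding them. Variable names are assumptions; fetch raises KeyError when
# one is missing, so a misconfigured deployment fails loudly.
def credentials_from_env(env = ENV)
  { user: env.fetch("API_USER"), password: env.fetch("API_PASSWORD") }
end

# Builds a Net::HTTP client and a Basic-auth POST request for +url+.
# No connection is opened here; the caller runs http.request(request).
def build_authenticated_request(url, user:, password:)
  uri = URI.parse(url)

  # URI::HTTPS is only returned for https:// URLs; http://, ftp:// and
  # scheme-less strings are rejected before any credential is attached.
  unless uri.is_a?(URI::HTTPS)
    raise InsecureTransportError,
          "refusing to send credentials to a #{uri.scheme.inspect} URL"
  end

  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  # Keep certificate verification on: VERIFY_NONE would encrypt the traffic
  # but still allow an on-path attacker to impersonate the server.
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER

  request = Net::HTTP::Post.new(uri.request_uri)
  request.basic_auth(user, password)
  [http, request]
end
```

A caller would combine the two as `build_authenticated_request(url, **credentials_from_env)` and then send the request with `http.request(request)`.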

Configuration

This detector does not need any configuration.

References

  • CWE-319: Cleartext Transmission of Sensitive Information.