Hard-coded credentials refer to embedding authentication information such as usernames, passwords, API keys, or cryptographic keys directly into the source code. Developers might do this for convenience, testing, or quick deployment. However, these credentials often remain in production, creating vulnerabilities.
In software development, a NULL pointer is a pointer variable that does not reference any valid memory location. Dereferencing such a pointer—attempting to access the memory it supposedly points to—results in undefined behaviour. In many systems, this leads to crashes, data corruption, or even exploitable vulnerabilities.
CWE-77 refers to the improper neutralisation of special elements used in a command. These special elements, when inadequately sanitised, allow attackers to inject malicious commands that the system interprets and executes. This vulnerability commonly appears in applications that dynamically construct system commands based on user inputs.
Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.
Out-of-Bounds Read occurs when a program reads data past the allocated boundary of a buffer. This behaviour typically arises from improper validation of input data or incorrect indexing in memory operations. By exploiting this weakness, attackers can gain unauthorised access to sensitive information, potentially leading to security violations.