Missing authentication for database

• Rule ID: java_lang_missing_database_authentication
• Languages: java
• Source: missing_database_authentication.yml

Description

Your database is at high risk if it lacks proper authentication mechanisms. This vulnerability makes it an easy target for unauthorized access and potential security breaches.

Remediations

• Do configure your database server with recommended authentication configuration, including a strong password and username.
• Do implement a key management system to securely manage and store your passwords.

References

• OWASP Authentication Cheat Sheet

Associated CWE

• CWE-306: Missing Authentication for Critical Function

OWASP Top 10

• A07:2021 - Identification and Authentication Failures

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_missing_database_authentication

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_missing_database_authentication