Missing authentication for database detected

Rule ID: java_lang_missing_database_authentication
Languages: java
Source: missing_database_authentication.yml

Description

A database server with inadequate authentication is extremely vulnerable to security attacks. Ensure that your database server has the recommended authentication configuration (password, username), and consider using a key management system for any passwords.

Resources

OWASP Authentication Cheat Sheet

Associated CWE

CWE-306: Missing Authentication for Critical Function

OWASP Top 10

A07:2021 - Identification and Authentication Failures

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_missing_database_authentication

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_missing_database_authentication

Ready to take the next step? Learn more about Bearer Cloud.