Inspector Lambda Scanning – CWE-798: Hardcoded credentials in package-lock.json


Hi,

We've been testing out Inspector on our Lambda code (Node.js), and one of the vulnerabilities it highlights is hardcoded credentials in some of our package-lock.json files. I've reviewed the files in question and can only identify one that has an HTTP username encoded in a URL (but no password); in the other I can't even find a username in any of the URLs. The only thing I can think of that might be causing this is that we are using some dependencies from a private repository, although I can't see any credentials in the file.

Has anyone else observed this issue or can suggest what else might be triggering the detector?

1 Answer

Hello,

Generally, CWE-798: Use of Hard-coded Credentials checks whether a product contains any hard-coded credential, such as a password, cryptographic key, or username and password combination, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. [1]

From the query posted, I understand that although your files don't contain passwords, Inspector is still detecting the vulnerability CWE-798. To debug this behaviour further, I would suggest you create a support case with us, so that we have visibility into the Inspector findings and can fetch more details from the internal team regarding this.

Reference

[1] https://cwe.mitre.org/data/definitions/798.html

AWS
Divya_A
answered a year ago
